Diffstat (limited to 'modules/nixos/common/secrets.nix')
-rw-r--r--modules/nixos/common/secrets.nix46
1 files changed, 2 insertions, 44 deletions
diff --git a/modules/nixos/common/secrets.nix b/modules/nixos/common/secrets.nix
index 2ee5753..9a82c44 100644
--- a/modules/nixos/common/secrets.nix
+++ b/modules/nixos/common/secrets.nix
@@ -1,45 +1,3 @@
-{
- config,
- inputs,
- lib,
- pkgs,
- this,
- ...
-}:
-with lib; {
- imports = [
- inputs.agenix.nixosModules.default
- (mkAliasOptionModule ["secrets"] ["age" "secrets"])
- ];
-
- config = {
- age = {
- identityPaths =
- if this.isHeadful
- then ["${config.my.home}/.ssh/id_${my.ssh.type}"]
- else
- map (attr: attr.path) (filter (attr: attr.type == my.ssh.type)
- config.services.openssh.hostKeys);
-
- # This can be used to auto-add all secrets, thus eliminating the need to
- # specify path to each envrypted file. The drawback is that this will
- # expose *all* secrets to all machines and try to decrypt them all even on
- # machines where the secret will not be used.
- #
- # secrets =
- # let
- # secretsSourceDir = "${inputs.self}/age";
- # in
- # mapAttrs'
- # (name: _:
- # nameValuePair name {
- # file = "${secretsSourceDir}/${name}";
- # owner = mkDefault my.username;
- # group = mkDefault config.my.group;
- # })
- # (builtins.readDir secretsSourceDir);
- };
-
- environment.systemPackages = with pkgs; [agenix];
- };
+{inputs, ...}: {
+ imports = [inputs.agenix.nixosModules.default];
}
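Review bot: The new module at `imports = [inputs.agenix.nixosModules.default];` no longer sets `age.identityPaths`, and nothing in the file says where the decryption identity now comes from. The removed code chose the user's `~/.ssh/id_*` key on headful machines and the matching host key otherwise. If that logic was not moved to another module (this view is limited to one file), agenix falls back to its own default, which as far as I know is derived from `services.openssh.hostKeys` and is empty when sshd is disabled, so secrets encrypted only to the user key would fail to decrypt at activation. The `secrets` to `age.secrets` alias is removed as well, so any remaining `secrets.*` definition will stop evaluating. A short comment would cover it, e.g. `# identityPaths and secret definitions live in <module path>; this file only loads agenix`.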