home-manager/fragments/agenix.nix at ae3b51a875e3ee92c7194aa99c7d2c3e1d511ed9 · wiro.world/dotfiles

wiro.world / dotfiles

yep, more dotfiles

dotfiles / home-manager / fragments / agenix.nix

at ae3b51a875e3ee92c7194aa99c7d2c3e1d511ed9 607 B view raw

 1{ self
 2, config
 3, lib
 4, ...
 5}:
 6
 7let
 8  inherit (self.inputs) agenix;
 9
10  cfg = config.local.fragment.agenix;
11
12  all-secrets = import ../../secrets;
13in
14{
15  options.local.fragment.agenix.enable = lib.mkEnableOption ''
16    Agenix related
17  '';
18
19  imports = [ agenix.homeManagerModules.default ];
20
21  config = lib.mkIf cfg.enable {
22    age.secrets = all-secrets.home-manager;
23    # This allows us to decrypt user space secrets without having to use a
24    # passwordless ssh key as you cannot interact with age in the service.
25    age.identityPaths = [ "${config.home.homeDirectory}/.ssh/id_home_manager" ];
26  };
27}