yep, more dotfiles
# Module fragment that wires the agenix secrets manager into the system
# configuration and exposes it behind `local.fragment.agenix.enable`.
#
# Arguments used here:
#   self     - provides `inputs.agenix`
#   config   - evaluated system configuration (read for `cfg` and the assertion)
#   lib      - nixpkgs lib (`mkEnableOption`, `mkIf`)
#   isDarwin - selects which agenix module set is imported
{ self
, config
, lib

, isDarwin
, ...
}:

let
  inherit (self.inputs) agenix;

  # Shorthand for this fragment's own option subtree.
  cfg = config.local.fragment.agenix;
in
{
  # The agenix module is imported unconditionally; only the `config` block
  # below is gated on `cfg.enable`.
  imports = [
    (if isDarwin then agenix.darwinModules.default else agenix.nixosModules.default)
  ];

  options.local.fragment.agenix.enable = lib.mkEnableOption ''
    Agenix secrets manager

    Depends on:
    - `openssh` services: needs host machine keys
  '';

  config = lib.mkIf cfg.enable {
    # Fail evaluation early when the OpenSSH service is disabled, since this
    # fragment relies on the host keys that come with it.
    # NOTE(review): the message says "program" while the check (and the option
    # description above) refer to the `openssh` service; consider aligning it.
    # NOTE(review): this module is imported on both platforms; confirm that
    # `services.openssh.enable` evaluates to a bool on the nix-darwin side too.
    assertions = [
      { assertion = config.services.openssh.enable; message = "`agenix` fragment depends on `openssh` program"; }
    ];

    age = {
      # By default, agenix uses the host machine keys (aka `openssh.hostKeys`).
      # Unlike user keys, which might be located on LUKS-protected partitions,
      # these are always available at boot.
      # NOTE(review): the host private key is therefore the decryption identity
      # for every secret encrypted to this machine; keep it readable by root
      # only and treat disk images or backups that contain it as sensitive.
      # Left commented out so that the agenix default applies.
      # identityPaths = [ ];

      # Secrets are defined in the fragments that use them.
      # secrets = ...;
    };
  };
}