nixos/fragments/agenix.nix at use-themed-sddm · wiro.world/dotfiles

wiro.world / dotfiles

yep, more dotfiles

dotfiles / nixos / fragments / agenix.nix

at use-themed-sddm 903 B view raw

 1{ self
 2, config
 3, lib
 4
 5, isDarwin
 6, ...
 7}:
 8
 9let
10  inherit (self.inputs) agenix;
11
12  cfg = config.local.fragment.agenix;
13  all-secrets = import ../../secrets;
14in
15{
16  imports = [
17    (if isDarwin then agenix.darwinModules.default else agenix.nixosModules.default)
18  ];
19
20  options.local.fragment.agenix.enable = lib.mkEnableOption ''
21    Agenix secrets manager
22
23    Depends on:
24    - `openssh` services: needs host machine keys
25  '';
26
27  config = lib.mkIf cfg.enable {
28    assertions = [
29      { assertion = config.services.openssh.enable; message = "`agenix` fragement depends on `openssh` program"; }
30    ];
31
32    age = {
33      # By default, agenix uses host machine keys (aka `openssh.hostKeys`).
34      # These are always available at boot in opposition to user one that might
35      # be located on luks protected partitions.
36      # identityPaths = [ ];
37
38      secrets = all-secrets.nixos;
39    };
40  };
41}
42