32 lines
792 B
Nix
32 lines
792 B
Nix
|
{ inputs, self, ... }:
|
||
|
|
{
|
||
|
|
imports = [ inputs.agenix-rekey.flakeModule ];
|
||
|
|
flake = {
|
||
|
|
secretsConfig = {
|
||
|
|
# This should be a link to one of the age public keys in './keys'
|
||
|
|
masterIdentities = [ ../keys/PatC.pub ];
|
||
|
|
extraEncryptionPubkeys = [ ../secrets/recipients.txt ];
|
||
|
|
};
|
||
|
|
};
|
||
|
|
perSystem =
|
||
|
|
{ config, ... }:
|
||
|
|
{
|
||
|
|
agenix-rekey.nodes = self.nodes;
|
||
|
|
devshells.default = {
|
||
|
|
commands = [
|
||
|
|
{
|
||
|
|
inherit (config.agenix-rekey) package;
|
||
|
|
help = "Edit, generate and rekey secrets";
|
||
|
|
}
|
||
|
|
];
|
||
|
|
env = [
|
||
|
|
{
|
||
|
|
# Always add files to git after agenix rekey and agenix generate.
|
||
|
|
name = "AGENIX_REKEY_ADD_TO_GIT";
|
||
|
|
value = "true";
|
||
|
|
}
|
||
|
|
];
|
||
|
|
};
|
||
|
|
};
|
||
|
|
}
|