feat: added masterIdentitiy symlink to allow for host specific

decryption

flake.nix

@@ -109,8 +109,8 @@
   in
     {
       secretsConfig = {
-        masterIdentities = [./secrets/NIXOSc.key.pub];
+        # This should be a link to one of the age public keys is './keys'
-        #masterIdentities = [./secrets/NIXOSa.key.pub];
+        masterIdentities = ["/run/decrypt.key.pub"];
         extraEncryptionPubkeys = [./secrets/recipients.txt];
       };
       agenix-rekey = agenix-rekey.configure {

hosts/desktopnix/default.nix

@@ -42,4 +42,8 @@
     layout = "de";
     xkbVariant = "bone";
   };
+
+  system.activationScripts.decryptKey.text = ''
+    ln -s ${../../keys/PatC.key} /run/decrypt.key.pub
+  '';
 }

hosts/patricknix/default.nix

@@ -50,4 +50,7 @@
       };
     };
   };
+  system.activationScripts.decryptKey.text = ''
+    ln -s ${../../keys/PatC.key} /run/decrypt.key.pub
+  '';
 }

modules/secrets.nix

@@ -7,8 +7,6 @@
   inherit
     (lib)
     mapAttrs
-    # Not really unused LSP is confuse
-    
     assertMsg
     types
     mkOption
@@ -29,7 +27,7 @@
   importEncrypted = path:
     constSet (
       if builtins.pathExists path
-      then builtins.extraBuiltins.rageImportEncrypted inputs.self.secretsConfig.masterIdentities path
+      then rageImportEncrypted inputs.self.secretsConfig.masterIdentities path
       else {}
     );
   cfg = config.secrets;