Sets up agenix

2025-04-25 16:26:53 +02:00 · 2025-04-25 16:26:53 +02:00 · aa80f0d708
commit aa80f0d708
parent b2df5a314e
2 changed files with 26 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -2,6 +2,7 @@
  description = "dnsc-server NixOS flake";

  inputs = {
+    inputs.agenix.url = "github:ryantm/agenix";
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    home-manager = {
      url = "github:nix-community/home-manager";
@ -29,7 +30,10 @@
    nixosConfigurations.dnsc-vps-sm = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      specialArgs = {inherit inputs outputs;};
-      modules = [./hosts/dnsc-vps-sm];
+      modules = [
+          ./hosts/dnsc-vps-sm
+          agenix.nixosModules.default
+      ];
    };

    darwinConfigurations.dnsc-air = nix-darwin.lib.darwinSystem {
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,21 @@
+let
+  dnsc-air = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXWZOPOJJDAoF+Sx/ZLoAVu6G/7/MAWoknBgMAzjul dennis@dnsc-mac";
+  dnsc-vps-sm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHHS4Cq3G0yjoXB9qargJc/zbZdlClnJOcLxSC5ROo7h dennis@dnsc-vps-sm";
+  dnsc-server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM3mkEgvHrwjsEReHQHpLbMP71JLvp6XxMPyW7PTaLCd dennis@dnsc-server";
+  systems = [ dnsc-air dnsc-vps-sm dnsc-server ];
+in
+{
+  # Add like this: "secret1.age".publicKeys = systems;
+}
+
+# 1. Create a file with secret
+# nix run github:ryantm/agenix -- -e $FILE_PATH
+#
+# 2. Reference the file in NixOS config:
+# {
+#  age.secrets.secret1.file = ../secrets/secret1.age;
+# }
+#
+# 3. And use it like this:
+# passwordFile = config.age.secrets.secret1.path;
+