author | Franck Cuny <franck@fcuny.net> | 2023-03-11 13:24:35 -0800 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2023-03-11 13:41:15 -0800 |
commit | 784ac3fd221a477cccc168e90baea2a22509d7c2 (patch) | |
tree | 1cac0bfc8ff1e2b8015cbfb547073e2aeee7d3ae /nix | |
parent | home/gnome: no more keyring (diff) | |
download | world-784ac3fd221a477cccc168e90baea2a22509d7c2.tar.gz |
secrets: use homeage to manage secrets for home-manager
Instead of using agenix for all the secrets, I can use homeage for secrets that are related to my user sessions. Secrets by default will be stored under `~/.secrets'. They are encrypted using `age' and to decrypt them, a key is expected to be located under `~/.age/key.txt'. The last place where I was using `pass' (and so GPG too) was for the secrets for `mbsync': this change adds a secret for fastmail to the repository and updates `mbsync' configuration to use it.
Diffstat (limited to 'nix')
-rw-r--r-- | nix/mkHomeManagerConfiguration.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/nix/mkHomeManagerConfiguration.nix b/nix/mkHomeManagerConfiguration.nix index cdd25bd..fc98c7c 100644 --- a/nix/mkHomeManagerConfiguration.nix +++ b/nix/mkHomeManagerConfiguration.nix @@ -18,9 +18,17 @@ inputs.home-manager.lib.homeManagerConfiguration { homeDirectory = "/home/${username}"; stateVersion = stateVersion; }; + homeage = { + identityPaths = [ "~/.age/key.txt" ]; + installationType = "activation"; + mount = "/home/${username}/.secrets"; + }; + imports = [ inputs.homeage.homeManagerModules.homeage ]; } ]; + extraSpecialArgs = { inherit inputs self; }; + pkgs = import inputs.nixpkgs { inherit system; config.allowUnfree = true; |
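Review bot: In the new `homeage` block, `identityPaths` is written as "~/.age/key.txt" while `mount` on the line below it, and `homeDirectory` just above, are spelled out as "/home/${username}/...". The identity path therefore relies on tilde expansion happening wherever the module consumes it at activation time, and a path that fails to resolve would leave the secrets undecrypted. Suggest using "/home/${username}/.age/key.txt" so all three paths are derived the same way. Separately, the added `extraSpecialArgs = { inherit inputs self; };` is not mentioned in the commit message; a short note on why the modules now need `inputs` and `self` would help, or it could be split into its own commit.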