authorFranck Cuny <franck@fcuny.net>2023-03-11 13:24:35 -0800
committerFranck Cuny <franck@fcuny.net>2023-03-11 13:41:15 -0800
commit784ac3fd221a477cccc168e90baea2a22509d7c2 (patch)
tree1cac0bfc8ff1e2b8015cbfb547073e2aeee7d3ae /nix
parenthome/gnome: no more keyring (diff)
secrets: use homeage to manage secrets for home-manager
Instead of using agenix for all the secrets, I can use homeage for
secrets that are related to my user sessions.

Secrets by default will be stored under `~/.secrets'. They are encrypted
using `age' and to decrypt them, a key is expected to be located under
`~/.age/key.txt'.

The last place where I was using `pass' (and so GPG too) was for the
secrets for `mbsync': this change adds a secret for fastmail to the
repository and update `mbsync' configuration to use it.
Diffstat (limited to 'nix')
-rw-r--r--nix/mkHomeManagerConfiguration.nix8
1 files changed, 8 insertions, 0 deletions
diff --git a/nix/mkHomeManagerConfiguration.nix b/nix/mkHomeManagerConfiguration.nix
index cdd25bd..fc98c7c 100644
--- a/nix/mkHomeManagerConfiguration.nix
+++ b/nix/mkHomeManagerConfiguration.nix
@@ -18,9 +18,17 @@ inputs.home-manager.lib.homeManagerConfiguration {
         homeDirectory = "/home/${username}";
         stateVersion = stateVersion;
       };
+      homeage = {
+        identityPaths = [ "~/.age/key.txt" ];
+        installationType = "activation";
+        mount = "/home/${username}/.secrets";
+      };
+      imports = [ inputs.homeage.homeManagerModules.homeage ];
     }
   ];
 
+  extraSpecialArgs = { inherit inputs self; };
+
   pkgs = import inputs.nixpkgs {
     inherit system;
     config.allowUnfree = true;
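Review bot: The `mount` in the added `homeage` block points at `/home/${username}/.secrets`, which, as far as I understand homeage, is where the decrypted files are written. That would leave plaintext secrets on persistent storage in the home directory instead of a per-user runtime directory. If that is intended, a comment above the line would make it explicit, e.g. `# decrypted secrets land here (persistent disk); keep the directory private and out of backups/sync`. The identity at `~/.age/key.txt` is not created by this configuration, so with `installationType = "activation"` activation presumably cannot decrypt on a host where the key has not been provisioned; a one-line comment such as `# key must be provisioned out of band, readable by the user only` would document that. The enclosing module list and function body start and end outside the hunk.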