From 784ac3fd221a477cccc168e90baea2a22509d7c2 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sat, 11 Mar 2023 13:24:35 -0800 Subject: secrets: use homeage to manage secrets for home-manager Instead of using agenix for all the secrets, I can use homeage for secrets that are related to my user sessions. Secrets by default will be store under `~/.secrets'. They are encrypted using `age' and to decrypt them, a key is expected to be located under `~/.age/key.txt'. The last place where I was using `pass' (and so GPG too) was for the secrets for `mbsync': this change adds a secret for fastmail to the repository and update `mbsync' configuration to use it. --- nix/mkHomeManagerConfiguration.nix | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'nix') diff --git a/nix/mkHomeManagerConfiguration.nix b/nix/mkHomeManagerConfiguration.nix index cdd25bd..fc98c7c 100644 --- a/nix/mkHomeManagerConfiguration.nix +++ b/nix/mkHomeManagerConfiguration.nix @@ -18,9 +18,17 @@ inputs.home-manager.lib.homeManagerConfiguration { homeDirectory = "/home/${username}"; stateVersion = stateVersion; }; + homeage = { + identityPaths = [ "~/.age/key.txt" ]; + installationType = "activation"; + mount = "/home/${username}/.secrets"; + }; + imports = [ inputs.homeage.homeManagerModules.homeage ]; } ]; + extraSpecialArgs = { inherit inputs self; }; + pkgs = import inputs.nixpkgs { inherit system; config.allowUnfree = true; -- cgit 1.4.1