modules/nixos/traits/secrets.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

{
  config,
  lib,
  inputs,
  ...
}: let
  cfg = config.traits.secrets;
in {
  options.traits.secrets = {
    enable = lib.mkEnableOption "secrets management";
  };

  imports = [inputs.agenix.nixosModules.default];

  config = lib.mkIf cfg.enable {
    _module.args = {
      secretsDir = ../../../secrets/${config.networking.hostName};
    };

    age = {
      identityPaths = ["/etc/age/key"];
    };
  };
}