From 4ba7d237b784c13720cf3f11835e4c6f99c1a972 Mon Sep 17 00:00:00 2001
From: eyjhb
Date: Fri, 9 Aug 2024 21:34:46 +0200
Subject: [PATCH] add agenix support for secrets
---
 secrets/default.nix | 4 ++++
 secrets/secrets.nix | 13 +++++++++++++
 shared/default.nix | 8 +++++++-
 shared/sources/sources.json | 12 ++++++++++++
 4 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 secrets/default.nix
 create mode 100644 secrets/secrets.nix
diff --git a/secrets/default.nix b/secrets/default.nix
new file mode 100644
index 0000000..645e1cb
--- /dev/null
+++ b/secrets/default.nix
@@ -0,0 +1,4 @@
+{
+ age.secrets = {
+ };
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..c3a3bf7
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,13 @@
+let
+ user_eyjhb = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPuma8g+U8Wh+4mLvZoV9V+ngPqxjuIG4zhsbaTeXq65 eyjhb@chronos";
+ user_rendal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGee4uz+HDOj4Y4ANOhWJhoc4mMLP1gz6rpKoMueQF2J rendal@popper";
+ users = [ user_eyjhb user_rendal ];
+
+
+ system_gerd = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJosDVq8j4V50/z6nj2OMBPhqda95HOS1hKLGvo8viLQ";
+ systems = [ system_gerd ];
+
+ defaultAccess = users ++ systems;
+in
+{
+}
diff --git a/shared/default.nix b/shared/default.nix
index 25ef441..ab1e7c4 100644
--- a/shared/default.nix
+++ b/shared/default.nix
@@ -1,5 +1,11 @@
-{
+let
+ sources = import ./sources/sources.nix;
+in {
 imports = [
+ # secrets
+ "${sources.agenix}/modules/age.nix"
+ ./../secrets
+
 ./base/common-config.nix
 ./platforms
 ./modules
diff --git a/shared/sources/sources.json b/shared/sources/sources.json
index 113b50c..6ad6e64 100644
--- a/shared/sources/sources.json
+++ b/shared/sources/sources.json
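Review bot: `defaultAccess = users ++ systems;` in secrets/secrets.nix makes every listed user key and every host key a recipient of any secret that uses it, so as more hosts are added to `systems` each of them could decrypt secrets meant for another. I would keep per-secret recipient lists as the norm and say so in a comment, e.g. `# defaultAccess: only for secrets that every admin and every host may read`. The `system_gerd` key carries no note on its origin; a comment such as `# gerd: /etc/ssh/ssh_host_ed25519_key.pub, fingerprint checked on the host` would record that it was verified rather than accepted on first contact. It is also worth stating in the file that removing a key from these lists and re-keying does not withdraw access to ciphertext already in git history, so the affected secrets have to be rotated.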
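Review bot: The age module is imported from the shared config in shared/default.nix, while secrets/secrets.nix lists only `system_gerd` as a host recipient, so any other machine that evaluates this shared module would have no identity able to decrypt a secret declared under `./../secrets`; presumably more hosts exist under `./platforms`, which should be confirmed. agenix decrypts with `age.identityPaths`, which by default is taken from the OpenSSH host keys, so a host without `services.openssh.enable` needs it set explicitly. A comment next to the import, e.g. `# secrets: decrypted at activation with the host's SSH host key (age.identityPaths)`, would make that dependency visible. As a minor style point, `./../secrets` can be written `../secrets`. The `imports` list and the attribute set continue past the end of the hunk.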
@@ -1,4 +1,16 @@
 {
+ "agenix": {
+ "branch": "main",
+ "description": "age-encrypted secrets for NixOS and Home manager",
+ "homepage": "https://matrix.to/#/#agenix:nixos.org",
+ "owner": "ryantm",
+ "repo": "agenix",
+ "rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7",
+ "sha256": "09aldzzc50121p0b3apj2c0l71jgmbif46a76shlgps8wbbbkr35",
+ "type": "tarball",
+ "url": "https://github.com/ryantm/agenix/archive/3f1dae074a12feb7327b4bf43cbac0d124488bb7.tar.gz",
+ "url_template": "https://github.com///archive/.tar.gz"
+ },
 "disko": {
 "branch": "master",
 "description": "Declarative disk partitioning and formatting using nix [maintainer=@Lassulus]",