Initial commit

secrets/.gitignore

@@ -0,0 +1,3 @@
+# *
+!secrets.nix.example
+!default.nix

secrets/default.nix

@@ -0,0 +1,29 @@
+{
+  inputs,
+  pkgs,
+  user,
+  ...
+}: let
+  ageFiles = builtins.attrNames (import ./secrets.nix);
+  ageNames =
+    map (
+      name:
+        with builtins;
+          substring 0 (stringLength name - 4) name
+    )
+    ageFiles;
+in {
+  home.packages = with inputs; [
+    agenix.packages."${pkgs.system}".default
+  ];
+
+  age = {
+    identityPaths = ["/home/${user}/.ssh/id_ed25519"];
+
+    secrets = builtins.listToAttrs (map (name: {
+        inherit name;
+        value.file = ./${name}.age;
+      })
+      ageNames);
+  };
+}

secrets/nextcloud.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 YgeALA LRXSjEG25sS233s6YtC9d09pN+NxFZAMtcSFYWK/si8
+NBGgGKt/yCUd2NSsWhn5uuZ6d8BtyXXWDLTD/ZzCV3k
+--- ZXR4S3GiD1yD6peBUjj8CuEb5AtXgpyFMqtGt6wA9Qg
+J0ý¿KÂàÓïÆ›IfN'ìäè<C3A4>3hÎpé„“ñVUˆ­l˜UhùÅWƒ¿OÇg—D™9¼
+“§P~(ØGKñäír•vVF¥¿N•å÷<1D>‰ŽÉfFÉäÇM‡<4D>UláÔ½nã´ .$nÎÙS}<7D>zpèš“צ€Šæßýõ~ð<>¥B÷<42>/ë{Õ1À¼½íJsAqÏS;|	ìÞðº(€ÀĪºà‡ÝÜO¯‰oÀ‡mZöëB½­fà	Nfv(%tê)±L9ý’ƒ½<>ý©÷×ÆêN¸ïr`˜áB·W¶’F1Ñja
+Û‹ë]¤dÒQ-/è¼i2³Ç4ÈÆ3þñ°¿)dåW#TÆÝ|9´¹"

secrets/secrets.nix

@@ -0,0 +1,14 @@
+let
+  pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+jwmNk9ciSlN/hEKXYGPLBE7lma1tqevXje0EKqqlp demenik@thinkpad";
+
+  ageFiles = [
+    "obsidian-personal"
+    "obsidian-uni-notes"
+    "nextcloud"
+  ];
+in
+  builtins.listToAttrs (map (file: {
+      name = "${file}.age";
+      value = {publicKeys = [pubKey];};
+    })
+    ageFiles)