22 lines
514 B
Nix
22 lines
514 B
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
{
|
|
options.secrets = {
|
|
enable = lib.mkEnableOption "agenix secret management";
|
|
|
|
identity = lib.mkOption {
|
|
type = lib.types.path;
|
|
default = "/etc/ssh/ssh_host_ed25519_key";
|
|
description = "Path to the SSH host private key used for age decryption.";
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf config.secrets.enable {
|
|
age = {
|
|
identityPaths = [ config.secrets.identity ];
|
|
secrets = { };
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [ agenix ];
|
|
};
|
|
} |