From 64b7892f6e362b21182e665a49d3634a26370341 Mon Sep 17 00:00:00 2001
From: Pacman99
Date: Thu, 13 May 2021 10:35:23 -0700
Subject: [PATCH] Add agenix integration to secrets and flake
---
 flake.lock | 21 +++++++++++++++++++++
 flake.nix | 17 ++++++++++++++++-
 overlays/overrides.nix | 1 +
 secrets/.gitattributes | 1 +
 secrets/secrets.nix | 9 +++++++++
 5 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 secrets/secrets.nix
diff --git a/flake.lock b/flake.lock
index 2195b9a2..e9976a6f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,25 @@
 {
 "nodes": {
+ "agenix": {
+ "inputs": {
+ "nixpkgs": [
+ "latest"
+ ]
+ },
+ "locked": {
+ "lastModified": 1620877075,
+ "narHash": "sha256-XvgTqtmQZHegu9UMDSR50gK5cHEM2gbnRH0qecmdN54=",
+ "owner": "ryantm",
+ "repo": "agenix",
+ "rev": "e543aa7d68f222e1e771165da9e9a64b5bf7b3e3",
+ "type": "github"
+ },
+ "original": {
+ "owner": "ryantm",
+ "repo": "agenix",
+ "type": "github"
+ }
+ },
 "ci-agent": {
 "inputs": {
 "flake-compat": "flake-compat",
@@ -352,6 +372,7 @@
 },
 "root": {
 "inputs": {
+ "agenix": "agenix",
 "ci-agent": "ci-agent",
 "darwin": "darwin",
 "digga": "digga",
diff --git a/flake.nix b/flake.nix
index 6b6860f5..f641f592 100644
--- a/flake.nix
+++ b/flake.nix
@@ -17,13 +17,26 @@
 home.inputs.nixpkgs.follows = "nixos";
 naersk.url = "github:nmattia/naersk";
 naersk.inputs.nixpkgs.follows = "latest";
+ agenix.url = "github:ryantm/agenix";
+ agenix.inputs.nixpkgs.follows = "latest";
 nixos-hardware.url = "github:nixos/nixos-hardware";
 pkgs.url = "path:./pkgs";
 pkgs.inputs.nixpkgs.follows = "nixos";
 };
- outputs = inputs@{ self, pkgs, digga, nixos, ci-agent, home, nixos-hardware, nur, ... }:
+ outputs =
+ { self
+ , pkgs
+ , digga
+ , nixos
+ , ci-agent
+ , home
+ , nixos-hardware
+ , nur
+ , agenix
+ , ...
+ } @ inputs:
 digga.lib.mkFlake {
 inherit self inputs;
@@ -36,6 +49,7 @@
 ./pkgs/default.nix
 pkgs.overlay # for `srcs`
 nur.overlay
+ agenix.overlay
 ];
 };
 latest = { };
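Review bot: The new `agenix` input in the first flake.nix hunk names `github:ryantm/agenix` with no ref, so the only pin on a dependency that will handle secret decryption on every host is the `rev`/`narHash` pair in flake.lock. That matches how the other inputs in this file are declared, but a lock bump of this one deserves a look at the upstream changes, and a comment above it such as `# decrypts secrets at activation; review upstream changes before updating the lock` would make that expectation visible. The reformatting of the `outputs` argument set is unrelated to the integration and would be easier to review as a separate commit.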
@@ -60,6 +74,7 @@
 { _module.args.ourLib = self.lib; }
 ci-agent.nixosModules.agent-profile
 home.nixosModules.home-manager
+ agenix.nixosModules.age
 ./modules/customBuilds.nix
 ];
 };
diff --git a/overlays/overrides.nix b/overlays/overrides.nix
index 59516b3d..629f44b1 100644
--- a/overlays/overrides.nix
+++ b/overlays/overrides.nix
@@ -8,6 +8,7 @@ channels: final: prev: {
 discord
 element-desktop
 manix
+ rage
 nixpkgs-fmt
 qutebrowser
 signal-desktop
diff --git a/secrets/.gitattributes b/secrets/.gitattributes
index ff69eb2a..901863e3 100644
--- a/secrets/.gitattributes
+++ b/secrets/.gitattributes
@@ -1,3 +1,4 @@
 * filter=git-crypt diff=git-crypt
 .gitattributes !filter !diff
+secrets.nix !filter !diff
 README.md !filter !diff
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 00000000..bac30e03
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,9 @@
+let
+ # set ssh public keys here for your system and user
+ system = "";
+ user = "";
+ allKeys = [ system user ];
+in
+{
+ "secret.age".publicKeys = allKeys;
+}
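Review bot: `agenix.nixosModules.age` is added to the shared module list, so every host imports it, yet nothing in this commit declares an `age.secrets` entry or says which key a host decrypts with. A comment next to the new line would help, for example `# agenix: declare secrets per host with age.secrets.<name>.file; they are decrypted at activation with the host's SSH key`. The enclosing module list begins outside this hunk, so whether it really applies to every host is inferred from the surrounding entries.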
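Review bot: `rage` is inserted between `manix` and `nixpkgs-fmt`, which breaks the alphabetical order the rest of this list follows; it belongs after `qutebrowser`. The list itself starts and ends outside the hunk, and the reason for taking `rage` from the override channel is not stated, so a short trailing comment such as `rage # age implementation used for agenix secrets` would record why it is here.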
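Review bot: Only `secrets.nix` is exempted here, so any `*.age` file written into `secrets/` still matches `* filter=git-crypt diff=git-crypt` and is stored git-crypt-encrypted on top of its age encryption. If the age files are meant to be usable from a clone that has not been git-crypt unlocked, which appears to be the point of adding agenix, a line such as `*.age !filter !diff` is needed as well. The exemption also means everything in `secrets.nix` is committed in cleartext, which is acceptable only while that file holds nothing but public keys.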
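Review bot: Both placeholders are empty strings, so `allKeys` evaluates to a list of two empty recipients and `"secret.age"` has no usable key until someone edits the file, yet nothing marks the values as required. Because `secrets/.gitattributes` in this same commit exempts this file from the git-crypt filter, the comment should also say that only public keys belong here, for example `# SSH *public* keys only: this file is committed unencrypted; set both before encrypting anything`. No `secret.age` file is added by this commit, so it would help to label that attribute as an example entry.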