secrets: create on entering a nix-shell

2020-01-03 17:54:27 -07:00 · 2020-01-03 17:54:27 -07:00 · 89c2e04bb3
parent 73d3826d64
commit 89c2e04bb3
2 changed files with 11 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -112,10 +112,13 @@ your user should be declared here. For convenience, [home-manager][home-manager]
 is available automatically for home directory setup.

 ## Secrets
-Anything you wish to keep encrypted goes in the [secrets](secrets) directory.
-Be sure to run `git crypt init`, before committing anything to this repo.
-Be sure to check out the [documentation](https://github.com/AGWA/git-crypt) if
-your not familiar.
+Anything you wish to keep encrypted goes in the directory, which is created
+on first entering a `nix-shell`.
+
+Be sure to run `git crypt init`, before committing anything to this directory.
+Be sure to check out git-crypts [documentation](https://github.com/AGWA/git-crypt)
+if your not familiar. The filter is already set up to encrypt everything in this
+folder by default.

 To keep [profiles](profiles) resuable across configurations, secrets should
 only be imported from the [users](users) directory.
--- a/shell.nix
+++ b/shell.nix
@ -24,6 +24,10 @@ pkgs.mkShell {
    rebuild
  ];

+  shellHook = ''
+    mkdir -p secrets
+  '';
+
  NIX_CONF_DIR = let
    current = pkgs.lib.optionalString (builtins.pathExists /etc/nix/nix.conf)
      (builtins.readFile /etc/nix/nix.conf);