From 89c2e04bb397b0e6ea368f607fe55a4218358d06 Mon Sep 17 00:00:00 2001
From: Timothy DeHerrera
Date: Fri, 3 Jan 2020 17:54:27 -0700
Subject: [PATCH] secrets: create on entering a nix-shell
---
 README.md | 11 +++++++----
 shell.nix | 4 ++++
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 645a7a74..823d0aed 100644
--- a/README.md
+++ b/README.md
@@ -112,10 +112,13 @@ your user should be declared here. For convenience, [home-manager][home-manager] is available automatically for home directory setup.
 ## Secrets
-Anything you wish to keep encrypted goes in the [secrets](secrets) directory.
-Be sure to run `git crypt init`, before committing anything to this repo.
-Be sure to check out the [documentation](https://github.com/AGWA/git-crypt) if
-your not familiar.
+Anything you wish to keep encrypted goes in the directory, which is created
+on first entering a `nix-shell`.
+
+Be sure to run `git crypt init`, before committing anything to this directory.
+Be sure to check out git-crypts [documentation](https://github.com/AGWA/git-crypt)
+if your not familiar. The filter is already set up to encrypt everything in this
+folder by default.
 To keep [profiles](profiles) resuable across configurations, secrets should only be imported from the [users](users) directory.
diff --git a/shell.nix b/shell.nix
index f6030183..38266859 100644
--- a/shell.nix
+++ b/shell.nix
@@ -24,6 +24,10 @@ pkgs.mkShell { rebuild ];
+ shellHook = ''
+ mkdir -p secrets
+ '';
+
 NIX_CONF_DIR = let current = pkgs.lib.optionalString (builtins.pathExists /etc/nix/nix.conf) (builtins.readFile /etc/nix/nix.conf);
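Review bot: The `mkdir -p secrets` in the added `shellHook` resolves against whatever directory `nix-shell` was started from and creates the directory with the caller's default umask. If the shell is entered from outside the repository root, the directory lands where the git-crypt filter described in the README presumably does not apply, so files dropped there would not be encrypted on commit. Because git-crypt leaves the working-tree copies in plaintext, a default-mode directory is also readable by other local users on a shared host. Anchoring the path to the file's own directory and restricting the mode would close both gaps, e.g. `mkdir -p -m 700 "${toString ./.}/secrets"`. The `pkgs.mkShell` block begins and ends outside this hunk, so whether `git-crypt` itself is in the shell's inputs cannot be checked from here.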