agenix
agenix copied to clipboard
ryantm
age-encrypted secrets for NixOS and Home manager
This is an updated take on @cmhamill's work in #79 accommodating a lot of recent changes to the module in `main`. Props to @cmhamill for getting this most of the...
I don't have the brainspace to test this right now, but I figured I would put it up in case other people were inspired to test before I did. Things...
It'd be cool if, just like I can use `agenix.nixosModules.age`, I could also use `agenix.darwinModules.age`.
This simplifies agenix by combining the root and nonRoot secret installation into one place and delays setting the owner and group of the secrets until after the users and groups...
As suggested in Matrix I am creating this issue about the order in which agenix operates. When switching generations I consistantly see the following order of operations in the log...
Setting `age.identityPaths = [ "/etc/ssh/ssh_host_rsa_key" "/etc/nixos/keys/${config.networking.hostName}/id_rsa" ];` will give a warning that the first doesn't exist (at the moment, after boot it will) and I expected it to fallback to...
I'm writing a NixOS iso (USB installer) to batch-install NixOS on dozens of machines. The installer needs access to some secrets, and I'd *like* to be able to use `agenix`...
### Description This is an alternative approach to #50. It delegates user-specific secrets configuration to the system agenix module, so it works when home-manager is used as a NixOS/nix-darwin module...
I was trying to use [age-plugin-yubikey](https://github.com/str4d/age-plugin-yubikey) with `rage` to create a key that doesn't live on my file system. This works, but not completely conveniently all the way: agenix happily...
