configuration/common: add agenix to environment

configuration/common/default.nix

@@ -23,15 +23,6 @@
     auto-optimise-store = true;
   };
 
-  users.users.clerie = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" ];
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIzEQEWeunhkzP+invKjdsZe4rbUloixa374bYEhBSA5 clerie_id"
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnUBblmmVoMMBftn4EnwnzqR12m9zill51LpO124hHb10K2rqxNoq8tYSc2pMkV/3briZovffpe5SzB+m2MnXbtOBstIEXkrPZQ78vaZ/nLh7+eWg30lCmMPwjf2wIjlTXkcbxbsi7FbPW7FsolGkU/0mqGhqK1Xft/g7SnCXIoGPSSrHMXEv5dPPofCa1Z0Un+98wQTVfOSKek6TnIsfLbG01UFQVkN7afE4dqSmMiWwEm2PK9l+OiBA2/QzDpbtu9wsfTol4c192vFEWR9crB2YZ1JlMbjVWHjYmB7NFsS0A6lUOikss0Y+LUWS2/QuM/kqybSo4rasZMAIazM6D clerie"
-    ];
-  };
-
   environment.systemPackages = with pkgs; [
     gptfdisk
     htop
@@ -39,6 +30,7 @@
     tmux
     colmena
     vim
+    agenix
   ];
 
   programs.mtr.enable = true;

hosts/clerie-backup/configuration.nix

@@ -6,8 +6,6 @@
       ./hardware-configuration.nix
       ../../configuration/proxmox-vm
 
-      ./secrets
-
       ./restic-server.nix
     ];
 

hosts/clerie-backup/secrets/default.nix

@@ -1,5 +0,0 @@
-{ ... }:
-
-{
-  age.secrets.restic-server-cyan-htpasswd.file = ./restic-server-cyan-htpasswd.age;
-}

lib/flake-helper.nix

@@ -19,9 +19,12 @@ rec {
         _module.args._nixfiles = self;
       })
       ../configuration/common
+      ../users/clerie
       ({ ... }: {
         nixpkgs.overlays = [
           (_: _: {
+            inherit (agenix.packages."x86_64-linux")
+              agenix;
             inherit (nixos-exporter.packages."x86_64-linux")
               nixos-exporter;
            })
@@ -31,6 +34,14 @@ rec {
       agenix.nixosModules.default
       solid-xmpp-alarm.nixosModules.solid-xmpp-alarm
       (../hosts + "/${name}/configuration.nix")
+      # Automatically load secrets from the hosts secrets directory
+      ({ lib, ... }: let
+        secretsPath = ../hosts + "/${name}/secrets";
+      in {
+        age.secrets = lib.mapAttrs' (filename: _: lib.nameValuePair (lib.removeSuffix ".age" filename) {
+          file = secretsPath + "/${filename}";
+        }) (lib.filterAttrs (name: type: (type == "regular") && (lib.hasSuffix ".age" name) ) (if builtins.pathExists secretsPath then builtins.readDir secretsPath else {}));
+      })
     ];
   };
 

users/clerie/default.nix

@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+  users.users.clerie = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keys = [
+      (builtins.readFile ./ssh.pub)
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnUBblmmVoMMBftn4EnwnzqR12m9zill51LpO124hHb10K2rqxNoq8tYSc2pMkV/3briZovffpe5SzB+m2MnXbtOBstIEXkrPZQ78vaZ/nLh7+eWg30lCmMPwjf2wIjlTXkcbxbsi7FbPW7FsolGkU/0mqGhqK1Xft/g7SnCXIoGPSSrHMXEv5dPPofCa1Z0Un+98wQTVfOSKek6TnIsfLbG01UFQVkN7afE4dqSmMiWwEm2PK9l+OiBA2/QzDpbtu9wsfTol4c192vFEWR9crB2YZ1JlMbjVWHjYmB7NFsS0A6lUOikss0Y+LUWS2/QuM/kqybSo4rasZMAIazM6D clerie"
+    ];
+  };
+}

users/clerie/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIzEQEWeunhkzP+invKjdsZe4rbUloixa374bYEhBSA5 clerie_id