Use agenix for secrets

2025-07-02 00:13:24 -07:00 · 2025-07-02 00:13:24 -07:00 · 11dfa3cc1a
commit 11dfa3cc1a
parent e6ad5687d0
9 changed files with 124 additions and 28 deletions
--- a/flake.nix
+++ b/flake.nix
@ -7,17 +7,19 @@
      url = "github:fossar/nix-phps";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
    common.url = "git+https://git.uninsane.org/nettika/nettika-common";
  };

-  outputs = { nixpkgs, phps, common, ... }: {
-    nixosConfigurations.marauder = nixpkgs.lib.nixosSystem {
+  outputs = { nixpkgs, phps, common, agenix, ... }: {
+    nixosConfigurations.marauder = nixpkgs.lib.nixosSystem rec {
      system = "x86_64-linux";
-      modules = [ ./configuration.nix common.nixosModule ];
-      specialArgs = {
-        inherit phps;
-        secrets = builtins.fromJSON (builtins.readFile ./secrets.json);
-      };
+      modules =
+        [ ./configuration.nix common.nixosModule agenix.nixosModules.default ];
+      specialArgs = { inherit phps agenix; };
    };
  };
 }