From 1c7da4b8831de1d18d0b88188e263a6f6156dd6f Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar
Date: Tue, 25 Nov 2025 10:32:12 -0500
Subject: [PATCH] agenix
---
 modules/home/agenix.nix | 16 ++++++++++++++++
 modules/home/default.nix | 1 +
 modules/home/work/juspay.nix | 4 +---
 3 files changed, 18 insertions(+), 3 deletions(-)
 create mode 100644 modules/home/agenix.nix
diff --git a/modules/home/agenix.nix b/modules/home/agenix.nix
new file mode 100644
index 0000000..f5ae20b
--- /dev/null
+++ b/modules/home/agenix.nix
@@ -0,0 +1,16 @@
+{ flake, config, ... }:
+let
+ inherit (flake.inputs) agenix;
+in
+{
+ imports = [
+ agenix.homeManagerModules.default
+ ];
+
+ # We use a separate SSH key for agenix decryption to avoid exposing the main
+ # private key (which is in 1Password) to the filesystem.
+ #
+ # To provision this key once:
+ # ssh-keygen -t ed25519 -f ~/.ssh/agenix
+ age.identityPaths = [ "${config.home.homeDirectory}/.ssh/agenix" ];
+}
diff --git a/modules/home/default.nix b/modules/home/default.nix
index d26c74b..2cfc354 100644
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -12,5 +12,6 @@
 # ./cli/zellij.nix
 ./cli/just.nix
 ./services/ttyd.nix
+ ./agenix.nix
 ];
 }
diff --git a/modules/home/work/juspay.nix b/modules/home/work/juspay.nix
index 8316c09..3f5ce30 100644
--- a/modules/home/work/juspay.nix
+++ b/modules/home/work/juspay.nix
@@ -7,12 +7,11 @@
 { flake, config, ... }:
 let
 inherit (flake) self;
- inherit (flake.inputs) jumphost-nix agenix;
+ inherit (flake.inputs) jumphost-nix;
 in
 {
 imports = [
 "${jumphost-nix}/module.nix"
- agenix.homeManagerModules.default
 ];
 # https://github.com/srid/jumphost-nix
@@ -41,7 +40,6 @@ in
 # ANTHROPIC_API_KEY set in initExtra via agenix (see below)
 };
 age = {
- identityPaths = [ "${config.home.homeDirectory}/.ssh/agenix" ];
 secrets = {
 juspay-anthropic-api-key.file = self + /secrets/juspay-anthropic-api-key.age;
 };
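Review bot: The comment above `age.identityPaths` in the new `modules/home/agenix.nix` stops at key generation and omits the facts that decide how safe this setup is. agenix decrypts without user interaction, so `~/.ssh/agenix` presumably has to be created with an empty passphrase, which means anyone who can read that file can decrypt every secret encrypted to its public key; the comment should say so and name the mitigations (file mode 0600, one key per machine so a single host can be revoked). It should also add the missing provisioning step, for example `# Then add ~/.ssh/agenix.pub as a recipient in the agenix rules file and run agenix --rekey.` Because the module is now pulled in from `modules/home/default.nix`, this identity path applies to every home configuration that imports it, including hosts where the key was never provisioned.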
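Review bot: With `agenix.homeManagerModules.default` dropped from the `imports` of `modules/home/work/juspay.nix`, the `age.secrets` block kept in the following hunk depends on `../agenix.nix` being imported through `modules/home/default.nix`, and nothing in `juspay.nix` says so. If this work module is ever imported by a configuration that does not also import `modules/home/default.nix`, evaluation would fail on an undeclared `age` option. A one-line comment above `age = {` would make the dependency visible: `# age.* options and identityPaths come from ../agenix.nix`. The module body starts before and continues past both hunks, so whether `config` is still used elsewhere in the file cannot be checked from here.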