# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors
# SPDX-FileCopyrightText: 2024 Clicks Codes
#
# SPDX-License-Identifier: GPL-3.0-only
{ config, lib, pkgs, inputs, ... }:
let
  cfg = config.clicks.security.secrets;

  # Every master identity is stored under secrets/keys inside this flake.
  keyPath = "${inputs.self}/secrets/keys";

  # Recipients that can decrypt the master copies of all secrets. The files
  # are public keys (.pub); by their names they look like YubiKey-backed age
  # identities -- confirm against the key inventory before adding to this list.
  masterIdentities = map (key: "${keyPath}/${key}") [
    "minion/collabora-yubikey.pub"
    "minion/tiny-yubikey.pub"
    "minion/iyubikey.pub"
    "coded/ShorthairNano.pub"
  ];

  # Per-host directory below the snowfall flake root, e.g. secrets/<kind>/<host>.
  hostSecretsDir = kind:
    lib.snowfall.fs.get-snowfall-file
      "secrets/${kind}/${config.networking.hostName}";

  # agenix-rekey settings applied only while the module is enabled.
  rekeySettings = {
    rekey = {
      inherit masterIdentities;
      storageMode = "local";
      generatedSecretsDir = hostSecretsDir "generated";
      localStorageDir = hostSecretsDir "rekeyed";
    };
    # With impermanence the host SSH keys are not at their usual location,
    # so tell agenix where the persisted copies live; without impermanence
    # nothing is set here and whatever the imported module defaults to applies.
    identityPaths = lib.mkIf config.clicks.storage.impermanence.enable [
      "/persist/data/etc/ssh/ssh_host_ed25519_key"
      "/persist/data/etc/ssh/ssh_host_rsa_key"
    ];
  };
in
{
  options = {
    clicks.security.secrets.enable = lib.mkOption {
      description = "Enable using agenix-rekey for secrets";
      type = lib.types.bool;
      default = config.clicks.defaults.enable;
    };

    # An empty `age` option set is declared so that the `config.age = {}`
    # produced below when the feature is disabled is still a valid definition
    # (presumably for hosts that do not import agenix-rekey's `age` options --
    # confirm before removing).
    age = { };
  };

  # Equivalent to lib.optionalAttrs cfg.enable: contribute nothing when
  # secrets handling is disabled.
  config.age = if cfg.enable then rekeySettings else { };
}