Move secret management to agenix

- https://nixos.wiki/wiki/Agenix
- https://github.com/ryantm/agenix
- https://jonascarpay.com/posts/2021-07-27-agenix.html

1 files changed, 10 insertions, 0 deletions

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..0f349a8
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,10 @@
+# This file conatins configuration for the agenix CLI. It is not actually
+# imported into the system cofniguration.
+
+let
+  metadata = builtins.fromTOML (builtins.readFile ../metadata.toml);
+  publicKeys = map (builtins.getAttr "sshPubKey") (builtins.attrValues metadata.hosts);
+in
+{
+  "cloudflare-ddns-token.age".publicKeys = publicKeys;
+}