agenix

modules/base/default.nix

@@ -2,5 +2,6 @@
   imports = [
     ./nix.nix
     ./locale.nix
+    ./secrets.nix
   ];
 }

modules/base/secrets.nix

@@ -0,0 +1,26 @@
+{
+  lib,
+  config,
+  inputs,
+  ...
+}: let
+  inherit (lib) mkEnableOption mkIf;
+  cfg = config.horseman.base.secrets;
+in {
+  options = {
+    horseman.base.secrets = {
+      enable = mkEnableOption "";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [
+      inputs.agenix.packages.x86_64-linux.default
+    ];
+
+    age.secrets.wifi = {
+      file = ../../secrets/wifi.age;
+      path = "/run/secrets/wifi.conf";
+    };
+  };
+}

secrets.nix

@@ -0,0 +1,13 @@
+let
+  luna = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZuSoySTECpPfwOe4u311F0WaiYbWHsk+7Fqe5RgSu1 horseman@luna";
+  terra = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPb4xCSo9JDflQJs8CsCjDWZSFXdavI9c9aqqozkL8OM horseman@terra";
+  solis = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/X1pzKCThxxIkrb7ooBN+eJW8BKr8vJT7c1L7UjSfF horseman@solis";
+
+  users = [luna solis terra];
+
+  lunaSys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFu+XwTX1vF8Xqlna99Tu50TBT0cmOatb2LLwnC/33DU root@luna";
+
+  systems = [lunaSys];
+in {
+  "secrets/wifi.age".publicKeys = users ++ systems;
+}

secrets/wifi.age

@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 w+hMqg 9sdpcLDuZ+wiDWEjeiHHILMAmqCdu2DGQwAJE37zG28
+Qu7nl1BwngQ5kl/cjwiDZVoZpFh9cMRdN3SADAznXdE
+-> ssh-ed25519 FHFszw eIn9PwbNwzqSk3OO8GFMZVAE7Zjx8z/ppDw3Iy7nCC0
+ptezljeFbJ20PQEhMKH3tzn6TyAjfUWyNSf8HAZtEto
+-> ssh-ed25519 FfvxwA 8ridoEhnBrUP4MxPO4mqO93jvqbNMZq533H7Wnpmo1w
+ntc/vZRr+1n/B+LfQ+60W3KPuQHSRGpMs4a1IObqTa0
+-> ssh-ed25519 gPIdZA gQtVTYcgCi5tYDdd+f2//rqdv2CYezgNtLbcE6URUWU
+827I/5ACBB1miHTnPaLUCJJMuoqvmd0LZ34sD7fueqo
+--- Ex3jmYH2HLhPAPUoyh5AbC/iku4Hld+q6KmzIyt/SkM
+-Z®T`@d‹m<“óžÓu~U¡Gp›L¸#"ö?ù²Ì…7Š>BuÁä\ì™ÛU±VÍ(K1õ÷Ä‹|GžJFvÚc«y¹aî/àß«%ð¤MD0v,õ·µÀ4µ¥àοç"•úï‘£B¾ˆYÛoc!ÙHÈ”¢_i«´»äMß±¶w·Nãæ˜#&$–Švòˆp¯P¤{ˆî