Agenix

From NixOS Wiki
Revision as of 10:45, 29 December 2022 by imported>Onny (Initial page)

agenix is a command-line tool for managing secrets encrypted with your existing SSH keys. The project also includes the NixOS module age, which adds encrypted secrets to the Nix store and decrypts them.

Installation

The following example describes an installation via Flakes. For further installation methods see the upstream documentation.

{
  inputs.agenix.url = "github:ryantm/agenix";
  # optional, not necessary for the module
  #inputs.agenix.inputs.nixpkgs.follows = "nixpkgs";

  outputs = { self, nixpkgs, agenix }: {
    nixosConfigurations.yourhostname = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        ./configuration.nix
        agenix.nixosModule
      ];
    };
  };
}

Change yourhostname to your actual hostname and x86_64-linux to your system architecture.

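After that, the agenix client application can be installed like this:

{ config, pkgs, lib, inputs, ... }: {
  # `inputs` must be handed to modules by the flake
  # (for example through specialArgs in the nixosSystem call).
  environment.systemPackages = [
    # `system` is not a module argument, so take it from pkgs
    inputs.agenix.defaultPackage.${pkgs.stdenv.hostPlatform.system}
  ];
}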

Configuration