phoebe: add agenix config

flake.nix

@@ -93,6 +93,7 @@
             ./hosts/phoebe/configuration.nix
             ./hosts/phoebe/syncthing.nix
             agenix.nixosModules.age
+            ./hosts/phoebe/secrets/agenix.nix
 
             # User-specific config
             home-manager.nixosModules.home-manager

hosts/phoebe/secrets/agenix.nix

@@ -0,0 +1,40 @@
+{ lib, ... }:
+
+# copied pretty much verbatim from hlissner's dotfiles repo:
+# https://github.com/hlissner/dotfiles/blob/4539d607778820cd6fd97b6c81c1cfcd6cb7e226/modules/agenix.nix
+#
+# I get the idea and understand what the code does, but it will probably take a while to fully write
+# something like this myself
+
+with builtins;
+with lib;
+let
+  secretsDir = ./.;
+  secretsFile = "${secretsDir}/secrets.nix";
+  payas = "payas";
+in
+{
+  # imports = [ agenix.nixosModules.age ];
+
+  # TODO: Find a way to make agenix available in the runtime NixOS evaluation
+  # environment.systemPackages = [ agenix.defaultPackage.x86_64-linux ];
+
+  age = {
+    secrets =
+      if pathExists secretsFile
+      then
+        mapAttrs'
+          (n: _: nameValuePair (removeSuffix ".age" n)
+            {
+              file = "${secretsDir}/${n}";
+              owner = payas;
+            })
+          (import secretsFile)
+      else
+        { };
+    identityPaths = lib.mkForce
+      [
+        "/home/payas/.ssh/age"
+      ];
+  };
+}

hosts/phoebe/secrets/secrets.nix

@@ -0,0 +1,4 @@
+let
+  ageKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPziuF0B4Vj/W434rpshcvQu2KieXjGc8HnwymLapyLu nixos@enterprise";
+in
+{ }