feat: reenable immich with native module, prepare nixos-extra-modules update

2025-10-10 23:00:39 +02:00 · 2025-09-13 20:18:54 +02:00 · 2025-09-13 20:18:54 +02:00 · 157c303f38
commit 157c303f38
parent ef2f2a9b77
25 changed files with 1521 additions and 184 deletions
--- a/flake/agenix-rekey.nix
+++ b/flake/agenix-rekey.nix
@ -0,0 +1,40 @@
+{
+  inputs,
+  self,
+  ...
+}:
+{
+  imports = [
+    inputs.agenix-rekey.flakeModule
+  ];
+
+  flake = {
+    # The identities that are used to rekey agenix secrets and to
+    # decrypt all repository-wide secrets.
+    secretsConfig = {
+      masterIdentities = [ "\"$DEVSHELL_DIR\"/secrets/yk1-nix-rage.pub" ];
+      extraEncryptionPubkeys = [ ../secrets/backup.pub ];
+    };
+  };
+
+  perSystem =
+    { config, ... }:
+    {
+      agenix-rekey.nixosConfigurations = self.nodes;
+      devshells.default = {
+        commands = [
+          {
+            inherit (config.agenix-rekey) package;
+            help = "Edit, generate and rekey secrets";
+          }
+        ];
+        env = [
+          {
+            # Always add files to git after agenix rekey and agenix generate.
+            name = "AGENIX_REKEY_ADD_TO_GIT";
+            value = "true";
+          }
+        ];
+      };
+    };
+}