feat: use flake-parts for agenix-rekey

2025-10-11 07:10:39 +02:00 · 2024-05-29 15:19:10 +02:00 · 2024-05-29 15:19:10 +02:00 · 6fd64972fa
commit 6fd64972fa
parent 78f79917f1
4 changed files with 40 additions and 33 deletions
--- a/nix/agenix-rekey.nix
+++ b/nix/agenix-rekey.nix
@ -1,23 +1,37 @@
-{inputs, ...}: {
-  flake = {config, ...}: {
+{
+  inputs,
+  self,
+  ...
+}: {
+  imports = [
+    inputs.agenix-rekey.flakeModule
+  ];
+
+  flake = {
    # The identities that are used to rekey agenix secrets and to
    # decrypt all repository-wide secrets.
    secretsConfig = {
      masterIdentities = [../secrets/yk1-nix-rage.pub];
      extraEncryptionPubkeys = [../secrets/backup.pub];
    };
-
-    agenix-rekey = inputs.agenix-rekey.configure {
-      userFlake = inputs.self;
-      inherit (config) nodes pkgs;
-    };
  };

-  perSystem.devshells.default.env = [
-    {
-      # Always add files to git after agenix rekey and agenix generate.
-      name = "AGENIX_REKEY_ADD_TO_GIT";
-      value = "true";
-    }
-  ];
+  perSystem = {config, ...}: {
+    agenix-rekey.nodes = self.nodes;
+    devshells.default = {
+      commands = [
+        {
+          inherit (config.agenix-rekey) package;
+          help = "Edit, generate and rekey secrets";
+        }
+      ];
+      env = [
+        {
+          # Always add files to git after agenix rekey and agenix generate.
+          name = "AGENIX_REKEY_ADD_TO_GIT";
+          value = "true";
+        }
+      ];
+    };
+  };
 }