wip: add agenix

flake.nix

@@ -10,6 +10,11 @@
     rust-overlay.url = "github:oxalica/rust-overlay";
     nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions";
 
+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     nixos-wsl = {
       url = "github:nix-community/NixOS-WSL";
       inputs = {
@@ -39,6 +44,7 @@
     nixpkgs,
     unstable,
     nur,
+    agenix,
     utils,
     rust-overlay,
     nix-vscode-extensions,
@@ -113,6 +119,12 @@
           }
 
           ./machines/thinkcentre/configuration.nix
+          agenix.nixosModules.default
+          {
+            environment.systemPackages = [
+              agenix.packages.x86_64-linux.default
+            ];
+          }
         ];
         specialArgs = {inherit inputs;};
       };

secrets/secrets.nix

@@ -0,0 +1,8 @@
+let
+  venus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKlbfu7ApeF0khvdzMSWfDaunI+5zy/BboN7qEE4jWd2 root@venus";
+  oracle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPc/HYsbpVsyoU2n0EiqQ4+3aSiFPtddjPCGK187W24f michael@oracle";
+  # systems = [system1];
+in {
+  "wireguard-thinkcentre.age".publicKeys = venus;
+  "wireguard-oracle.age".publicKeys = oracle;
+}

secrets/wireguard-thinkcentre.age

@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 ZRcQJQ hW/podq9plJd2PjecAKIDoIrBauv2xW4fX8KnUqDWX0
+chaSLI/n9PJgS4GVLbpv72JT/ddzrQ9w5aRt8kvLr5s
+-> ssh-ed25519 jBnYqQ rkO818kLhDFnnCFLFh3UkniZXscuSnVKGkf+2nck+CI
+3TZVgJ6xRG0DyBjuhT+V7tr4XEauvhFh8fDJmK0Pf18
+--- P7UYIFfZ65jY4bM+MUXYptXT8UOnAkhcLqrXniG1EmQ
+@>Âû=¸ËØ=øg(n’‘<E28099>WˇA£¥“ÊÛ
0*Zä	}¹<ÙUPø×n9ç¶q w¼¸â¢d‹{%O-	&0<>ýÝôq›ê†I­,7Ëí}àiYö<59>6ÙõµÖ’ëëÔŠKª0í9
îY«®ÒÆ[°œJ3µ#Ä<>•ì<E280A2> ®´À¯>kñ±–Ö
!‘µm<C2B5>f/ùthÞÇß
+Ï*òm?‡s×óTÔ a}ŽÖ;l¦YÓF)]í<>‡©[