Add agenix secrets management

Phase 3: Encrypted secrets

- Add secrets module with agenix integration
- Create secrets/secrets.nix template for key definitions
- Installer generates SSH key if missing
- Installer creates personalized secrets.nix with user's key
- Full documentation in docs/SECRETS.md

Features:
- Secrets encrypted with age using SSH keys
- Decrypted automatically at system activation
- Safe to commit .age files to git
- Support for WiFi passwords, API keys, service credentials

Usage:
  agenix -e secrets/my-secret.age
  age.secrets.my-secret.file = ./secrets/my-secret.age;

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-15 02:56:25 -05:00
parent 6686a9f6b6
commit 5a52b3c159
6 changed files with 297 additions and 0 deletions

@@ -29,6 +29,7 @@ Download the ISO from the releases page and boot from it for a fresh installatio
- **Classical Theme** - Earthy, vintage aesthetic inspired by historical paintings
- **Bootloader Choice** - systemd-boot (default) or Limine (prettier, more features)
- **Plymouth** - Optional boot splash screen
- **Secrets Management** - Encrypted secrets with agenix (WiFi passwords, API keys, etc.)
## Keybindings
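Review bot: The new Secrets Management bullet says only "Encrypted secrets with agenix" and does not say what the secrets are encrypted to. The commit message states they are encrypted with age using SSH keys, and that is the detail a reader needs in order to know which key to protect and back up. Consider wording such as "Encrypted with age to your SSH key via agenix" and linking docs/SECRETS.md from the bullet.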
@@ -85,6 +86,21 @@ extraModules = [
Copy your wallpapers to `~/.config/nomarchy/wallpapers/` and they'll be used for the random rotation.
## Secrets Management
Nomarchy uses [agenix](https://github.com/ryantm/agenix) for encrypted secrets:
```bash
# Create a secret
cd ~/.config/nomarchy
agenix -e secrets/wifi-password.age
# Use in your config
age.secrets.wifi-password.file = ./secrets/wifi-password.age;
```
See [docs/SECRETS.md](docs/SECRETS.md) for full documentation.
## Structure
```
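Review bot: In the new Secrets Management section, the bash-tagged fence contains the Nix option line `age.secrets.wifi-password.file = ./secrets/wifi-password.age;`, which is not a shell command and fails if the block is pasted into a terminal. Split it into a bash fence for the `cd` and `agenix -e` commands and a nix fence for the option. The snippet also goes straight to `agenix -e` without saying that `secrets/wifi-password.age` needs an entry with its public keys in `secrets/secrets.nix` first, so a one-line pointer to that file here would save readers a failed first run.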