Add agenix secrets management

blu/quincy

Phase 3: Encrypted secrets

- Add secrets module with agenix integration
- Create secrets/secrets.nix template for key definitions
- Installer generates SSH key if missing
- Installer creates personalized secrets.nix with user's key
- Full documentation in docs/SECRETS.md

Features:
- Secrets encrypted with age using SSH keys
- Decrypted automatically at system activation
- Safe to commit .age files to git
- Support for WiFi passwords, API keys, service credentials

Usage:
  agenix -e secrets/my-secret.age
  age.secrets.my-secret.file = ./secrets/my-secret.age;

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

This commit is contained in:

Brandon Lucas

2026-02-15 02:56:25 -05:00

parent 6686a9f6b6

commit 5a52b3c159

6 changed files with 297 additions and 0 deletions

									
										1

modules/default.nix
									
												View File
												
				@@ -6,5 +6,6 @@

				    ./services

				    ./programs

				    ./performance

				    ./secrets

				  ];

				}

Add agenix secrets management

1 modules/default.nix Unescape Escape View File

1

modules/default.nix

View File