Modules/Agenix: Change to system module

home/christoph/default.nix

@@ -300,6 +300,25 @@
     file = lib.mkMerge [
       {
         ".ssh/id_ed25519.pub".text = "${publicKeys.${username}.ssh}";
+
+        # The user will be able to decrypt .age files using agenix.
+        # On each user/machine, this should generate a corresponding secrets.nix
+        "${config.paths.nixflake}/system/modules/agenix/secrets.nix".text = let
+          mkSecret = key: name: "\"${name}.age\".publicKeys = [\"${key}\"];";
+        in ''
+          # NOTE: This file will contain keys depending on the host/by which user it was built on.
+          {
+            ${lib.optionalString
+            # If this user defined any secrets...
+            (builtins.hasAttr "${username}" nixosConfig.modules.agenix.secrets)
+            # ...we will add them to the current secrets.nix,
+            # s.t. agenix can be used to encrypt the secret.
+            (builtins.concatStringsSep "\n"
+              (builtins.map
+                (mkSecret publicKeys.${username}.ssh)
+                nixosConfig.modules.agenix.secrets.${username}))}
+          }
+        '';
       }
       (lib.mkIf nixosConfig.modules.desktopportal.termfilechooser.enable {
         ".config/xdg-desktop-portal-termfilechooser/config".text = ''

home/christoph/nixinator/default.nix

@@ -4,7 +4,6 @@
   nixosConfig,
   config,
   lib,
-  username,
   ...
 }: {
   imports = [
@@ -13,8 +12,6 @@
 
   config = {
     modules = {
-      # agenix.secrets.${username} = [];
-
       hyprland = {
         kb-layout = "us";
         kb-variant = "altgr-intl";

home/christoph/servenix/default.nix

@@ -11,15 +11,6 @@
   ];
 
   config = {
-    modules = {
-      agenix.secrets.${username} = [
-        "heidi-discord-token"
-        "kopia-password"
-        "kopia-server-username"
-        "kopia-server-password"
-      ];
-    };
-
     home.packages = with pkgs; [
       docker-compose
     ];