From 750fdf61017d435e9a39660f5cfe7cd2dd724293 Mon Sep 17 00:00:00 2001 From: Christoph Urlacher Date: Wed, 9 Jul 2025 13:59:10 +0200 Subject: [PATCH] Modules/Agenix: Add dockerhub credentials --- home/christoph/default.nix | 2 +- system/default.nix | 4 ++++ system/modules/agenix/dockerhub-password.age | 5 +++++ system/modules/agenix/options.nix | 2 +- 4 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 system/modules/agenix/dockerhub-password.age diff --git a/home/christoph/default.nix b/home/christoph/default.nix index 968560af..5158d749 100644 --- a/home/christoph/default.nix +++ b/home/christoph/default.nix @@ -312,7 +312,7 @@ # If this user defined any secrets... (builtins.hasAttr "${username}" nixosConfig.modules.agenix.secrets) # ...we will add them to the current secrets.nix, - # s.t. agenix can be used to encrypt the secret. + # s.t. agenix can be used to encrypt/access them. (builtins.concatStringsSep "\n" (builtins.map (mkSecret publicKeys.${username}.ssh) diff --git a/system/default.nix b/system/default.nix index 847f95d4..54e39077 100644 --- a/system/default.nix +++ b/system/default.nix @@ -25,6 +25,10 @@ with mylib.networking; { ]; modules = { + agenix.secrets.${username} = [ + "dockerhub-password" + ]; + bootloader = { enable = true; diff --git a/system/modules/agenix/dockerhub-password.age b/system/modules/agenix/dockerhub-password.age new file mode 100644 index 00000000..05a9b85a --- /dev/null +++ b/system/modules/agenix/dockerhub-password.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 PW+5DQ z6Fm40D2nCJvvFsQdj9V4zcvVBpjFAvLZh17cEtLEx8 +hIyc+AUuEiIv6TobnNawdyEswAAQ4kQeh5n0yaVT/mY +--- Yhxh9hnsPfHYcmmrpQm5Up0VzRh2ndoF3R3W+7ojW58 +b¸¶àñ?´‚ú Ì™WcÏÿú…­æR•”<‰@þyŽ˜Ðþ1z%ê4EWuÕ7 Œ<¢”¸'ßàCg9!è`cv \ No newline at end of file diff --git a/system/modules/agenix/options.nix b/system/modules/agenix/options.nix index e7541cca..62d5d8c8 100644 --- a/system/modules/agenix/options.nix +++ b/system/modules/agenix/options.nix 
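Review bot: In the system/default.nix hunk, the secret registered under `agenix.secrets.${username}` is named `dockerhub-password`, which suggests the Docker Hub account password itself is stored; a Docker Hub access token with only the scopes this host needs would be the safer credential, because it can be revoked on its own and does not carry account-level control. The new dockerhub-password.age file shows a single `ssh-ed25519` recipient stanza, so presumably only the key from `publicKeys.${username}.ssh` can decrypt it; confirm that this private key is present wherever the secret is consumed and that rekeying is planned if it is rotated or lost. Because the ciphertext is committed to the repository history, rotating the SSH key later should be paired with rotating the Docker Hub credential. I would add a comment above the list, e.g. `# Docker Hub credential (prefer a scoped access token), encrypted to publicKeys.${username}.ssh`. The `modules` set continues outside the hunk.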
@@ -5,7 +5,7 @@
 }: {
 secrets = lib.mkOption {
 type = lib.types.attrs;
- description = "The secret files managed by agenix (and their associated keys)";
+ description = "The secret files managed by agenix (encrypted by SSH key)";
 example = ''
 {
 christoph = [