Modules: Deprecate agenix module (replace with sops-nix)

2025-07-09 15:29:33 +02:00
parent b05b207462
commit 8fcddf1f37
17 changed files with 61 additions and 186 deletions
--- a/home/christoph/default.nix
+++ b/home/christoph/default.nix
@ -300,25 +300,6 @@
    file = lib.mkMerge [
      {
        ".ssh/id_ed25519.pub".text = "${publicKeys.${username}.ssh}";
-
-        # The user will be able to decrypt .age files using agenix.
-        # On each user/machine, this should generate a corresponding secrets.nix
-        "${config.paths.nixflake}/system/modules/agenix/secrets.nix".text = let
-          mkSecret = key: name: "\"${name}.age\".publicKeys = [\"${key}\"];";
-        in ''
-          # NOTE: This file will contain keys depending on the host/by which user it was built on.
-          {
-            ${lib.optionalString
-            # If this user defined any secrets...
-            (builtins.hasAttr "${username}" nixosConfig.modules.agenix.secrets)
-            # ...we will add them to the current secrets.nix,
-            # s.t. agenix can be used to encrypt/access them.
-            (builtins.concatStringsSep "\n"
-              (builtins.map
-                (mkSecret publicKeys.${username}.ssh)
-                nixosConfig.modules.agenix.secrets.${username}))}
-          }
-        '';
      }
      (lib.mkIf nixosConfig.modules.desktopportal.termfilechooser.enable {
        ".config/xdg-desktop-portal-termfilechooser/config".text = ''
@ -551,9 +532,7 @@
    keychain = {
      enable = true;
      enableFishIntegration = config.modules.fish.enable;
-      enableNushellIntegration = false;
      enableXsessionIntegration = !headless;
-      # agents = ["ssh"]; # Deprecated
      keys = ["id_ed25519"];
    };