agenix-shell

agenix-shell is the agenix counterpart for devShell. It provides options used to define a shellHook that, when added to your devShell, automatically decrypts secrets and export them.

Here's a template you can start from.

Installation

To use these options, add to your flake inputs:

agenix-shell.url = "github:aciceri/agenix-shell";

and inside the mkFlake:

imports = [
  inputs.agenix-shell.flakeModules.default
];

Run nix flake lock and you're set.

Options

agenix-shell.identityPaths

agenix-shell.secrets

agenix-shell.secrets.<name>.file

agenix-shell.secrets.<name>.mode

agenix-shell.secrets.<name>.path

agenix-shell.secretsPath

perSystem.agenix-shell.package

perSystem.agenix-shell.installationScript

`agenix-shell.identityPaths`

Path to SSH keys to be used as identities in age decryption.

Type: list of string

Default:

[
  "$HOME/.ssh/id_ed25519"
  "$HOME/.ssh/id_rsa"
]

Declared by:

agenix-shell/flakeModules/agenix-shell.nix

`agenix-shell.secrets`

Attrset of secrets.

Type: attribute set of (submodule)

Example:

{
  foo.file = "secrets/foo.age";
  bar = {
    file = "secrets/bar.age";
    mode = "0440";
  };
}

Declared by:

agenix-shell/flakeModules/agenix-shell.nix

`agenix-shell.secrets.<name>.file`

Age file the secret is loaded from.

Type: path

Declared by:

agenix-shell/flakeModules/agenix-shell.nix

`agenix-shell.secrets.<name>.mode`

Permissions mode of the decrypted secret in a format understood by chmod.

Type: string

Default: "0400"

Declared by:

agenix-shell/flakeModules/agenix-shell.nix

`agenix-shell.secrets.<name>.path`

Path where the decrypted secret is installed.

Type: string

Default: "${config.agenix-shell.secretsPath}/<name>"

Declared by:

agenix-shell/flakeModules/agenix-shell.nix

`agenix-shell.secretsPath`

Where the secrets are created.

Type: string

Default: "/run/user/$(id -u)/agenix-shell/$(git rev-parse --show-toplevel | xargs basename)"

Declared by:

agenix-shell/flakeModules/agenix-shell.nix

`perSystem.agenix-shell.package`

The age package to use.

Type: package

Default: pkgs.rage

Declared by:

agenix-shell/flakeModules/agenix-shell.nix

`perSystem.agenix-shell.installationScript`

Script that exports secrets as variables, it’s meant to be used as hook in devShells.

Type: package

Default: An automatically generated package

Declared by:

agenix-shell/flakeModules/agenix-shell.nix

flake-parts