
homeage - runtime decrypted age secrets for nix home manager

homeage is a module for home-manager that enables runtime decryption of declarative age files.

Features

Management Scheme

Pre-Build:

Post-build:

Systemd Installation

Service Start:

Service Stop:

Home-manager activation:

Activation Installation

Home-manager activation:

Getting started

Non-flake

If you are using homeage without Nix flakes, feel free to contribute an example config.

Nix Flakes

Import homeage.homeManagerModules.homeage into the configuration and set valid homeage.identityPaths, and you're all set.

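# Example flake wiring homeage into a standalone home-manager configuration.
# The encrypted .age file is tracked in the repository; decryption happens at
# runtime with an identity (private key) that is kept outside the Nix store.
{
  inputs = {
    nixpkgs.url = "nixpkgs/nixos-unstable";
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # This module handles secret material: commit flake.lock so the revision
    # you reviewed stays pinned, and look at the diff after `nix flake update`.
    homeage = {
      url = "github:jordanisaacs/homeage";
      # Optional
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  # home-manager has to appear in the argument pattern: it is referenced by
  # name below, and `@inputs` alone only exposes it as inputs.home-manager.
  outputs = { nixpkgs, home-manager, homeage, ... }@inputs:
    let
      system = "x86_64-linux";
      username = "jd";
      stateVersion = "21.05";

      pkgs = import nixpkgs {
        inherit system;
      };
    in {
      homeManagerConfigurations = {
        jd = home-manager.lib.homeManagerConfiguration {
          inherit system stateVersion username pkgs;
          # NOTE(review): older homeManagerConfiguration signatures appear to
          # expect a plain `homeDirectory` argument here; confirm against the
          # home-manager revision recorded in flake.lock.
          home.homeDirectory = "/home/${username}";

          # Written as a module function so that `config` (used for
          # config.xdg.configHome below) is actually in scope.
          configuration = { config, ... }: {
            home.stateVersion = stateVersion;
            home.username = username;
            home.homeDirectory = "/home/${username}";

            homeage = {
              # Path to the identity (private key) used for decryption. It is
              # deliberately not created through home-manager: anything built
              # by Nix ends up in the world-readable Nix store.
              # NOTE(review): the value uses `~` although an absolute path is
              # called for; confirm homeage expands it, or spell it out via
              # config.home.homeDirectory.
              identityPaths = [ "~/.ssh/id_ed25519" ];

              # "activation" if system doesn't support systemd
              installationType = "systemd";

              file."pijulsecretkey" = {
                # Path to encrypted file tracked by the git repository.
                # Only the .age ciphertext belongs in the repository.
                source = ./secretkey.json.age;
                # Locations that should link to the decrypted secret.
                symlinks = [ "${config.xdg.configHome}/pijul/secretkey.json" ];
                # Locations that receive a copy of the decrypted secret
                # (presumably for consumers that cannot follow symlinks).
                # Each copy is another plaintext location to protect.
                copies = [ "${config.xdg.configHome}/no-symlink-support/secretkey.json" ];
              };
            };

            imports = [ homeage.homeManagerModules.homeage ];
          };
        };
      };
    };
}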

Options

See source for all the options and their descriptions.

Acknowledgments

The inspiration for this came from RaitoBezarius' pull request to agenix. I have been trying to figure out how to do secrets with home manager for a while and that PR laid out the foundational ideas for how to do it!