Encrypting Nix modules with sops-nix?

I’ve set up sops-nix and I’m able to encrypt specific secret values, but is it also possible to encrypt entire Nix modules? Via my Google-fu I’ve gotten the impression that this was a feature of sops-nix, but it doesn’t seem so, only for atomic secrets.

Is agenix able to do this? Only other things I’m aware of that probably are made for that are git-crypt or a git submodule with my private Nix modules in a private repo.

No, sops-nix and agenix are for runtime decryption of secrets. Eval-time decryption is another question entirely.

https://wiki.nixos.org/wiki/Comparison_of_secret_managing_schemes

2 Likes
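
The runtime/eval-time distinction from the reply above, as an added example that is not part of the original thread: a sops-nix module where evaluation only handles the path of a secret, never its plaintext. The secret names, the YAML file, the key location, the user and the service are constructed for illustration.

```nix
# Added example; names and paths below are constructed for illustration.
{ config, pkgs, ... }:
{
  # The encrypted file is committed to the repo. Only ciphertext is read
  # during evaluation and copied into the Nix store.
  sops.defaultSopsFile = ./secrets/example.yaml;

  # Private key on the target host, used when the system is activated
  # (assumed location).
  sops.age.keyFile = "/var/lib/sops-nix/key.txt";

  # Declare which keys of the YAML file to decrypt on the host.
  sops.secrets."example-env" = { };
  sops.secrets."alice-password".neededForUsers = true;

  # During evaluation these are plain path strings under /run; the files
  # behind them are only written on the running machine.
  users.users.alice = {
    isNormalUser = true;
    hashedPasswordFile = config.sops.secrets."alice-password".path;
  };

  systemd.services.example = {
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      # systemd reads the decrypted file when the unit starts.
      EnvironmentFile = config.sops.secrets."example-env".path;
      ExecStart = "${pkgs.coreutils}/bin/sleep infinity";
    };
  };

  # What does not work: treating a decrypted secret as Nix code, e.g.
  #   imports = [ config.sops.secrets."private-module".path ];
  # The plaintext does not exist while the configuration is evaluated,
  # so there is nothing for the module system to import.
}
```

Anything that has to be read as Nix code (options, imports, whole modules) must be available in plaintext to the evaluator, which is why the question points toward git-crypt or a private repository rather than sops-nix or agenix.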