I am new to NixOS and Flakes, and am creating a configuration that looks something like:
./
|
|--< flake.nix
|
|--[ <other directories that can be public>
|
...
|
|--[ secret/ # This is a git submodule for a private repo
secret/ contains any secrets I need to store with agenix, as .age files.
This division ensures that my configuration can be public, while my secrets remain private (I don’t want any age files exposed on GitHub publicly).
How do I go about using the secrets found in secret/ in other files? If I just include them by relative path (as I would if they were in the same repository), with something like:
age.secrets.my-secret = {
file = ../secrets/<secret file here>;
};
then they cannot be found in the store during the nixos-rebuild switch call.
Is there a way to;
- Force the
nixos-rebuild switchcall to use submodules as well - Or, include the submodule in my Flake (as an input), such that it can be accessed by any files in the other repositories
- Or, have a Flake in the
secrets/folder, that can somehow output all of the age secrets ready to be used
Thank you in advance for any assistance.