I am new to NixOS and Flakes, and am creating a configuration that looks something like:
./
|
|--< flake.nix
|
|--[ <other directories that can be public>
|
...
|
|--[ secret/ # This is a git submodule for a private repo
secret/ contains any secrets I need to store with agenix, as .age files.
This division ensures that my configuration can be public, while my secrets remain private (I don’t want any age files exposed on GitHub publicly).
How do I go about using the secrets found in secret/ in other files? If I just include them by relative path (as I would if they were in the same repository), with something like:
age.secrets.my-secret = {
file = ../secrets/<secret file here>;
};
then they cannot be found in the store during the nixos-rebuild switch call.
Is there a way to:
- Force the nixos-rebuild switch call to use submodules as well
- Or, include the submodule in my Flake (as an input), such that it can be accessed by any files in the other repositories
- Or, have a Flake in the secrets/ folder, that can somehow output all of the age secrets ready to be used
Thank you in advance for any assistance.