I’ve been wondering about this too. I’m attempting to convert my Home Manager configuration to flakes and the main issue I have right now is how to manage private Nix expressions.
My current pre-flake approach is to have home.nix in my public repository import all code in ~/.config/nixpkgs/home.d alongside those in the repository itself. This way, I can obtain a single usable Home Manager configuration on any online computer and also mix private configuration when needed. But the downside is, it’s fundamentally impure and thus incompatible with flakes.
The current solution I have in mind is to create a private flake that takes as input my public flake, but it’s a bit of a chore to maintain two separate flakes. Other solutions I’ve seen so far either can’t encrypt Nix expressions or require decryption of private configuration even when you don’t want them. So I’m curious if there’s an alternative approach.