From 7f69cd5a0a8a133da6ee2ab363dd99cb6b6d172f Mon Sep 17 00:00:00 2001 From: aeltheos Date: Thu, 13 Feb 2025 18:00:49 +0100 Subject: [PATCH] aeltheos age keys and devshells --- devshells/default.nix | 5 +++-- flake.nix | 6 ++---- secrets.nix | 26 +++++++++----------------- 3 files changed, 14 insertions(+), 23 deletions(-) diff --git a/devshells/default.nix b/devshells/default.nix index af2d19e..af1eb17 100644 --- a/devshells/default.nix +++ b/devshells/default.nix @@ -1,10 +1,11 @@ -{ pkgs }: +{ pkgs, agenix }: pkgs.mkShell { name = "nix"; packages = with pkgs; [ - agenix + agenix.packages.x86_64-linux.default + age-plugin-yubikey nil nixpkgs-fmt ssh-to-age diff --git a/flake.nix b/flake.nix index c616d78..b05c87a 100644 --- a/flake.nix +++ b/flake.nix @@ -27,9 +27,7 @@ ... }: flake-parts.lib.mkFlake { inherit inputs; } { - imports = [ - inputs.treefmt-nix.flakeModule - ]; + imports = [ inputs.treefmt-nix.flakeModule ]; systems = [ "x86_64-linux" ]; @@ -85,7 +83,7 @@ }; devShells = { - default = pkgs.callPackage ./devshells/default.nix { }; + default = pkgs.callPackage ./devshells/default.nix { inherit (inputs) agenix; }; }; }; }; diff --git a/secrets.nix b/secrets.nix index da458c8..533743e 100644 --- a/secrets.nix +++ b/secrets.nix @@ -4,6 +4,8 @@ let korenstin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIh26Ejn/syhvReixauY8i85+XD8P9RRJrPQGEyAQ07l klin@nixos"; lzebulon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJRSBsRgd/ITK2An7q1VXoeDPbcydR3FkQjHoO+1tAAO lzebulon@archframe"; pigeonmoelleux = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHa+ptSTNG4mnGUEGSkHTNDzyUGeiMnaWS2nDvJwrYTp ratcornu@skryre"; + aeltheos_0 = "age1yubikey1qvn7t9hplvnr2w8nsfezfqudz8gq3v8sq99dkdpzmm4a74rng5qgz4v6wzt"; + aeltheos_1 = "age1yubikey1qwmt8heph3jg9sfva3yygphfw0nqed9hs8ndjsfw8yp86kwllearq9fylz2"; nounous = [ korenstin 
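Review bot: In devshells/default.nix the added `agenix.packages.x86_64-linux.default` hard-codes the platform, so the dev shell stops evaluating for any other entry later added to `systems` in flake.nix; `agenix.packages.${pkgs.stdenv.hostPlatform.system}.default` keeps it tied to the package set actually in use. The new `agenix` argument is the flake input rather than a package, and since flake.nix instantiates this file with `pkgs.callPackage`, removing the `inherit (inputs) agenix;` override there would presumably let callPackage fill the argument from `pkgs` (the old list took `agenix` from `with pkgs;`) and fail later on the missing `packages` attribute. A distinct argument name such as `agenixFlake`, or a comment `# agenix: the flake input, not pkgs.agenix`, would make that explicit. The `mkShell` attribute set continues outside the hunk.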
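Review bot: `aeltheos_0` and `aeltheos_1` are bound in the `let` of secrets.nix, but no hunk of this patch adds them to `nounous` or to any other recipient list, so as far as the patch shows no secret is encrypted to the two YubiKey identities yet. If they are meant to be admin keys, add them to `nounous` (the list opens in this hunk and continues outside it) and re-encrypt the committed files with `agenix --rekey`, because editing `publicKeys` alone does not change `.age` files that already exist. `genAttrs` appends `nounous` to every secret, so membership in that list grants these keys access to all of them; a narrower group may be the better fit if that is not intended. A comment such as `# age-plugin-yubikey recipients (hardware-backed); the entries above are SSH public keys` would explain the mixed key formats.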
@@ -65,13 +67,9 @@ let # Secrets - commonSecrets = [ - "restic/client_env" - ]; + commonSecrets = [ "restic/client_env" ]; - acmeSecrets = [ - "acme/env" - ]; + acmeSecrets = [ "acme/env" ]; # Fonctions utilitaires @@ -80,11 +78,7 @@ let genAttrs = paths: groups: builtins.foldl' ( - acc: secret: - acc - // { - "secrets/${secret}.age".publicKeys = groups ++ nounous; - } + acc: secret: acc // { "secrets/${secret}.age".publicKeys = groups ++ nounous; } ) { } paths; in @@ -98,12 +92,10 @@ in let key = hosts.${name}; in - genAttrs - [ - "restic/${name}/base-repo" - "restic/${name}/base-password" - ] - [ key ] + genAttrs [ + "restic/${name}/base-repo" + "restic/${name}/base-password" + ] [ key ] ) ) { } (remove "thot" hostnames) // builtins.mapAttrs (name: value: { publicKeys = value.publicKeys ++ nounous; }) {