den
# Module that wires the vaultix secret-management flake into this flake and
# attaches a `secret` aspect to the default den includes.
{
  inputs,
  config,
  lib,
  withSystem,
  den,
  ...
}: let
  vaultixFlake = inputs.vaultix;

  # Directory named "secret" under the flake root, handed to vaultix as its
  # default secret directory.
  # NOTE(review): presumably only encrypted files live here; anything in the
  # repo tree can end up in the Nix store, so confirm no plaintext is kept.
  encryptedSecretsDir = lib.path.append config.flake.meta.rootPath "secret";

  # Extra tooling handed to vaultix: the FIDO2 hmac age plugin.
  fidoPluginFor = {pkgs, ...}: [pkgs.age-plugin-fido2-hmac];
in {
  imports = [vaultixFlake.flakeModules.default];

  # The URL carries no rev or tag, so the revision actually used is whatever
  # the lock file records. Review lock bumps of this input with care, since
  # it sits on the secret-handling path.
  flake-file.inputs.vaultix.url = "github:milieuim/vaultix";

  flake.vaultix = {
    defaultSecretDirectory = encryptedSecretsDir;

    # Nix path literal: it is copied into the world-readable Nix store once
    # it is coerced to a string, so this file must never contain private key
    # material.
    # NOTE(review): confirm picokey.pub is only the public/plugin identity
    # stub for the hardware key.
    identity = ./picokey.pub;

    # TODO: should not hard-code the editing host's platform here.
    # Needs an upstream fix.
    extraPackages = withSystem "x86_64-linux" fidoPluginFor;
  };

  # On the right-hand side `den` is the module argument, not this attribute.
  den.default.includes = [den.aspects.secret];

  den.aspects.secret = {host, ...}: {
    nixos.imports = [vaultixFlake.nixosModules.default];

    # Presumably the host's public key that vaultix encrypts this host's
    # secrets to. Verify that host.pubkey comes from a trusted source, since
    # a wrong key here would make secrets readable by another machine.
    nixos.vaultix.settings.hostPubkey = host.pubkey;
  };
}