den
 1{
 2  inputs,
 3  config,
 4  lib,
 5  withSystem,
 6  den,
 7  ...
 8}: {
 9  flake-file.inputs.vaultix.url = "github:milieuim/vaultix";
10
11  imports = [inputs.vaultix.flakeModules.default];
12
13  flake.vaultix = let
14    secretDir = lib.path.append config.flake.meta.rootPath "secret";
15  in {
16    defaultSecretDirectory = secretDir;
17    identity = ./picokey.pub;
18    # TODO: Should not specific the editor host's plantform
19    # Need upstream fix
20    extraPackages = withSystem "x86_64-linux" ({pkgs, ...}: [pkgs.age-plugin-fido2-hmac]);
21  };
22  den.default.includes = [den.aspects.secret];
23
24  den.aspects.secret = {host, ...}: {
25    nixos = {
26      imports = [inputs.vaultix.nixosModules.default];
27      vaultix.settings.hostPubkey = host.pubkey;
28    };
29  };
30}