{ inputs, lib, ... }: let inherit (builtins) elem; inherit (lib.attrsets) concatMapAttrs filterAttrs; inherit (lib.strings) removeSuffix; secrets = import ./secrets.nix; in { flake = { inherit secrets; nixosModules.ageSecrets = ( { config, ... }: { imports = [ inputs.agenix.nixosModules.default ]; options.x_fediversity.hostPublicKey = lib.mkOption { description = '' The host public key of the machine. It is used in particular to filter Age secrets and only keep the relevant ones. ''; }; config.age.secrets = concatMapAttrs (name: _: { ${removeSuffix ".age" name}.file = ./. + "/${name}"; }) (filterAttrs (_: secret: elem config.x_fediversity.hostPublicKey secret.publicKeys) secrets); } ); }; }