From 7409fef3cbe6bba6c66ce8b03aef6c2d9dc6c7e7 Mon Sep 17 00:00:00 2001
From: Timo Wilken
Date: Sun, 5 Nov 2023 01:03:55 +0100
Subject: Add secrets service

Allow managing secrets and passwords using Guix.

Secrets are encrypted in the Guix channel repository and decrypted using a
single host key at activation time.
---
 tw/home.scm | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'tw/home.scm')

diff --git a/tw/home.scm b/tw/home.scm
index 17cb7da7..6b0402db 100644
--- a/tw/home.scm
+++ b/tw/home.scm
@@ -18,6 +18,8 @@
   #:use-module (tw packages ci)
   #:use-module (tw packages games)
   #:use-module (tw packages xorg)
+  #:use-module ((tw services secrets)
+                #:select (encsecret-program))
   #:use-module (tw system)
   #:use-module (tw theme))
 
@@ -170,6 +172,7 @@
 
    (simple-service 'common-files home-files-service-type
      `((".infokey" ,(local-file "home/files/infokey"))
+       (".local/bin/encsecret" ,encsecret-program)
        ;; With #:recursive? #t, Guix keeps the files' permission bits, i.e. makes them executable.
        (".local/bin/ppscm" ,(local-file "home/files/ppscm" #:recursive? #t))))  ; pretty-print scheme files
 
-- 
cgit v1.2.3