4 files changed, 77 insertions, 6 deletions

diff --git a/flake.lock b/flake.lock
index 6da49c2f..dbe65c59 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,26 @@
 {
   "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1676599101,
+        "narHash": "sha256-CKS6UsOGhoNxGDBt9wyFiWHvtng/+BMAJ4G8ahhe1DE=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "de657061b13cf329c57a1a9730a5049a971b40b3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
     "crane": {
       "inputs": {
         "flake-compat": "flake-compat",
@@ -24,6 +45,28 @@
         "type": "github"
       }
     },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1673295039,
+        "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -141,6 +184,7 @@
     },
     "root": {
       "inputs": {
+        "agenix": "agenix",
         "home-manager": "home-manager",
         "impermanence": "impermanence",
         "neovim_config": "neovim_config",
diff --git a/flake.nix b/flake.nix
index 9c602019..58821993 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,6 +3,17 @@
   description = "Nixos system config";
 
   inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    home-manager = {
+      url = "github:nix-community/home-manager/master";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     neovim_config = {
       url = "git+https://codeberg.org/ene/neovim-config.git";
       flake = false;
@@ -13,12 +24,6 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-    home-manager = {
-      url = "github:nix-community/home-manager/master";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     user_js = {
       url = "github:arkenfox/user.js";
       flake = false;
@@ -37,6 +42,7 @@
     strip_js_comments,
     user_js,
     impermanence,
+    agenix,
     ...
   } @ inputs: {
     nixosConfigurations.Tiamat = nixpkgs.lib.nixosSystem rec {
@@ -44,6 +50,7 @@
       specialArgs = inputs;
       modules = [
         ./hosts/desktop/configuration.nix
+        agenix.nixosModules.default
 
         home-manager.nixosModules.home-manager
         {
diff --git a/secrets/nheko b/secrets/nheko
new file mode 100644
index 00000000..bda46cb6
--- /dev/null
+++ b/secrets/nheko
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 iv0Cfg evi+poJEQEwkKUjKS1H79C2M9j4a1QtKVFShPdlQOB0
+FKSfqUvF2wG3otJ2rY38htOfsY9NQkjXu9LOiSklGZo
+-> ssh-ed25519 KLPP8w Sy4Dp+SKownQjB2o7xBZD1fkPcrFksBJUdrf+KYmlDQ
+r9IUP1vP0exnJMD/y/zeuQXmQBZ8LbJEltk8nL+jQRY
+-> }P,R5-grease T|\P8?C Ut7<F@3.
+B1oKq9WyQYHAVZC0DNM1w99po0jWheKx693EZsafU46YRf31ZBM/QZVuSHYq3AvZ
+TTOm2nd5MU5fxEPtzXRfA1MhvjLKO+TVooovpLIDbe7OTDbuP0OGNLLimr4EOCWv
+Zg
+--- gVsq7F0ECC4XLRUKFUzxv6Dr8nk25A9Ww1pUXSh9CUQ
+絪�X�	��M�0m'C�2³�?��{m�� �[3��:��F�x���t����	c}�)�|�%M�=�
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 00000000..7540e74b
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,9 @@
+# vim: ts=2
+let
+  user1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL8QLS9IonN8Rhp1yZGDBWc0UoTLH6yQuXWKctorDZNy";
+
+  # TODO add the ssh-key of the targeted host
+  system1 = "";
+in {
+  "nheko".publicKeys = [user1 system1];
+}