use agenix to manage secrets in the repository

1 files changed, 24 insertions, 4 deletions

diff --git a/flake.nix b/flake.nix
index 90a217f..83db950 100644
--- a/flake.nix
+++ b/flake.nix
@@ -20,17 +20,33 @@
     };
 
     flake-utils.url = "github:numtide/flake-utils";
+
     pre-commit-hooks = {
       url = "github:cachix/pre-commit-hooks.nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    devshell.url = "github:numtide/devshell";
-    devshell.inputs.nixpkgs.follows = "nixpkgs";
+
+    devshell = {
+      url = "github:numtide/devshell";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   # Output config, or config for NixOS system
   outputs =
-    { nixpkgs, darwin, flake-utils, pre-commit-hooks, devshell, ... }@inputs:
+    { nixpkgs
+    , darwin
+    , flake-utils
+    , pre-commit-hooks
+    , devshell
+    , agenix
+    , ...
+    }@inputs:
     flake-utils.lib.eachDefaultSystem
       (system:
       let
@@ -53,7 +69,11 @@
         };
 
         devShells.default = pkgs.devshell.mkShell {
-          packages = with pkgs; [ just ];
+          packages = with pkgs; [
+            just
+            agenix
+            inputs.agenix.packages."${system}".default
+          ];
           env = [{
             name = "DEVSHELL_NO_MOTD";
             value = "1";