secrets: use homeage to manage secrets for home-manager

Instead of using agenix for all the secrets, I can use homeage for
secrets that are related to my user sessions.

Secrets by default will be store under `~/.secrets'. They are encrypted
using `age' and to decrypt them, a key is expected to be located under
`~/.age/key.txt'.

The last place where I was using `pass' (and so GPG too) was for the
secrets for `mbsync': this change adds a secret for fastmail to the
repository and update `mbsync' configuration to use it.

1 files changed, 8 insertions, 0 deletions

diff --git a/nix/mkHomeManagerConfiguration.nix b/nix/mkHomeManagerConfiguration.nix
index cdd25bd..fc98c7c 100644
--- a/nix/mkHomeManagerConfiguration.nix
+++ b/nix/mkHomeManagerConfiguration.nix
@@ -18,9 +18,17 @@ inputs.home-manager.lib.homeManagerConfiguration {
         homeDirectory = "/home/${username}";
         stateVersion = stateVersion;
       };
+      homeage = {
+        identityPaths = [ "~/.age/key.txt" ];
+        installationType = "activation";
+        mount = "/home/${username}/.secrets";
+      };
+      imports = [ inputs.homeage.homeManagerModules.homeage ];
     }
   ];
 
+  extraSpecialArgs = { inherit inputs self; };
+
   pkgs = import inputs.nixpkgs {
     inherit system;
     config.allowUnfree = true;