From f2aa7e6bbf5ac2ab0dceebc3283c88924022119e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Fri, 6 May 2022 03:43:06 +0200
Subject: [PATCH] feat(hass): manage secrets.yaml via agenix

---
 secrets/hass/secrets.age    | Bin 0 -> 1194 bytes
 secrets/secrets.nix         |   2 ++
 services/home-assistant.nix |   5 +++++
 3 files changed, 7 insertions(+)
 create mode 100644 secrets/hass/secrets.age

diff --git a/secrets/hass/secrets.age b/secrets/hass/secrets.age
new file mode 100644
index 0000000000000000000000000000000000000000..188f0820526effa937416e9c335bcde64f4fa03f
GIT binary patch
literal 1194
zcmV;b1XcTCXJsvAZewzJaCB*JZZ2<fXD@a!3N1b$b8~1dWn?lnH8D9LPeEEyXh9%r
zXgNz~L2OrWMRH70Vl-iNdUH8rNjFt8d3IPrHf1+MR&8%baBVX;X=e&Kc}jCwG%-(d
zN>XxaHg{w(VQqSIaac4$L~k!lYjS2#MPhSxc35U}R4@uHJ|J^*Xf0)AGBq_ZIUr0#
zD{fY2Ab40!YDPgxd3HuOS7c~Ua7Z^VZFFi?QB+P-V>VeYMRsC%G;2voR#{e63Q;Rn
zWN>g{ZcHmgM@LsPSvF=jctc7ySTsg6a(H@eazR!xX;N86H8E9l3N1b$NpVk7EoX9N
zVRL05a!ox!Jxn)cAR;CrMj$ACSvp@{Ks+F8dkRQ1Y-VyXd2~obbxLkhcTZL?c2QbZ
zRX25TMs0dQL3MX&Z%SrJRZ34zG*og(Q&L7VbXYYpaaA{SFfT+=FlP!mLr_p>Iae=i
zc}HqcHe+{hQ%wpjEiE86QaCSjL{U;oM`cfXF+w<RPdH^%OH_JCcvNgdGj>vILr5@d
zYBOYVK{yKQ`_V_UPPf}j;?p6y>rIc3^?t1Tkv_={8(v@80c%&r@EM`f<q1HIu)VD}
zcIi#rfuf=%eJv*(kio9Q@j%_#2~Z>-*sUN1EmfG-ZHH610H=!U1L#gtR0bCBD)a~W
zagM{5t(OZ;hgn?-N52-WN0jsSiFM?u)~Ha&h@~E*=+jei8`m~?8fV&n=!)}+f^tNg
znzrdK)AHzu>!Um4_4C~;G~}l)w4pp4+67ik@ezgXps_pjF`s>-YzRoy9ft#WDC-Z$
zikgHmRo%Z0{JRQ{-wlK}rcmmRW#KiLYndKoSi*lr(pYTkt$mO84+`U&dI$YtK7uX~
zc~m>h((c`z8~AphKKVBN_Y<`dP&oXLo|H0LAOSoyV(L>&M{m+~M3p*on)QJ*Gwi0b
z$=>e1u+(>by$BZ3f)Er+%Z^zkyryoSt}?+@3Z_KM_gbq0Sn-ab=keYiXsr3i)h)HE
zE~l$GS8Al>c8LJIp#$f~H!gp4O^+UA+aaN8%F&rs+|dc%pEfrjzL_0#XAv<hz29fC
zVcAOw<^zOxS{*zY5BFq<CAQq8gN`aN=72HRP-tgA&uO&=cff%94w{}@F^(!@a}}0W
zF%`v3B<m!6T)1<~|Ig)MW&I{2Amx=Mm7i|>YS&*xIHR0SGntL07@DXjq>&4u`}fbY
z1c!jdo7-|E82cp)i6^BVi!%H|55OP5ty<)b{hkq{k7-y0dG4qi`ZsdCnVk<L$=;h=
zQ08p3eF1B~mNHA(I6TRF=G8Tc?tU*pa^*DepSEVOyj}Oq-t$0c9C9lom*3S&yf8`9
zt;f~^FhIDjj8OqRl}J;Wd%p7;x|MJ#SoXg)`Mun{q3lqA*_ooyLxF9n+<HVR&LDzB
z(hz>%UPln7d>^B`Xk&T<M*8mIR&u1=Z{VKeZW=;vDp~12d){F_2`BnnUih+okW0pa
zplFPxXVV5c@pV@xw2iOyvm*!r?*JJQ!=6P(BO>-vJKelg;AXI}87r>|yu61U-{WF`
IMR`fZT-)jky8r+H

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 1c7ffe9..6fb59d4 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -28,5 +28,7 @@ in {
   "paperless.age".publicKeys = [ felschr home-pc home-server ];
   "nextcloud/admin.age".publicKeys = [ felschr home-pc home-server ];
 
+  # home-server
   "home-server/hostKey.age".publicKeys = [ felschr home-server ];
+  "hass/secrets.age".publicKeys = [ felschr home-server ];
 }
diff --git a/services/home-assistant.nix b/services/home-assistant.nix
index 1caae38..2dff78d 100644
--- a/services/home-assistant.nix
+++ b/services/home-assistant.nix
@@ -116,4 +116,9 @@ in {
     };
     # configWritable = true; # doesn't work atm
   };
+
+  age.secrets.hass-secrets = {
+    file = ../secrets/hass/secrets.age;
+    path = "/var/lib/hass/secrets.yaml";
+  };
 }