HM: default age.secrets.<name>.path isn’t a path

[sellout]

In the Home Manager module, age.secretsDir doesn’t default to a path, but a shell expression that expands to a path. This means that config.age.secrets.<name>.path often can’t be referenced the way it is in the passwordFile example from the age.secrets.<name>.path docs.

E.g., I have a config like

{
  age.secrets.fooCfgForKey.file = ../secrets/foo.cfg.age;
  file.home.".foo.cfg".text = lib.generators.toINI {} {
    settings.include_cfg = config.age.secrets.fooCfgForKey.path;
  };
}

and the generated ~/.foo.cfg looks like

[settings]
include_cfg=${XDG_RUNTIME_DIR}/agenix/fooCfgForKey

which is invalid, as the INI file wants a path, and doesn’t do shell expansion.

My workaround has been to set age.secretsDir to an actual path¹, rather than a shell expression, but I get why it’s done the way it is. It would be very useful for age.secrets.<name>.path to be a path, though.

Footnotes

1. Taking what Home Manager already does with home.homeDirectory, I have added an xdg.runtimeDir option that has to be explicitly set, and then I ensure it matches the actual XDG_RUNTIME_DIR or DARWIN_USER_TEMP_DIR. So age.secretsDir = "${config.xdg.runtimeDir}/agenix does it for me. ↩