Meh, managing eval-time "secrets" in #Nix – as in not-so-public information like additional home-manager SSH config entries – is still a bit of a mess. While sops-nix is good for managing actual secret *files* at activation and runtime, looks like I still need to keep my additional non-public repo with personal data for these eval-time items. :\
@schmittlauch agenix is an alternative if you’re okay with storing *encrypted* secrets in your repo

@ivan @schmittlauch agenix is also for runtime, not eval-time secrets, so that's not what they meant. For a long time I also had a public #nixos config and looked for good ways to conceal private parts (e.g. with #gitAnnex), but eventually realised it's too much pain and hinders reuse by others, so I went the arguably cleaner way: utilities in a public repo that you and others can source in their private ones. Can't point to specific service configs then, though...

https://discourse.nixos.org/t/public-reusable-flake-with-private-parts/73049

Public, reusable flake with private parts

I am looking for a way to have a public flake that is reusable as inputs in other flakes, but some parts of the flake are private. I think this is a very common thing, people sharing their config, but don’t want to share their secrets of course or some network settings. If those private parts are just plain files, then agenix or sops can be used, encrypted versions of those secrets are published (still kinda meh, but okay). The problem arises if some nix code should be concealed as well. Here a...

NixOS Discourse
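The split described in the post above (a public repo exposing reusable utilities, a private repo supplying the eval-time values), as an added example that is not from the post or the linked thread; the option name `my.sshHosts`, the `EXAMPLE-USER` flake URL and the host values are assumed placeholders:

```nix
# ---- public repo: flake.nix (safe to publish; holds no private data) ----
{
  outputs = { self, ... }: {
    # Reusable home-manager module: declares an option but contains no private values.
    homeManagerModules.sshHosts = { config, lib, ... }:
      let
        cfg = config.my.sshHosts;   # assumed option name, filled in by the private flake
        hostOpts = { options = {
          hostname = lib.mkOption { type = lib.types.str; };
          user = lib.mkOption { type = lib.types.str; default = "me"; };
        }; };
      in {
        options.my.sshHosts = lib.mkOption {
          type = lib.types.attrsOf (lib.types.submodule hostOpts);
          default = { };
          description = "Non-public SSH hosts; values live in the consuming private flake.";
        };
        # Turn the supplied attrset into ~/.ssh/config Match blocks at eval time.
        config.programs.ssh.matchBlocks =
          lib.mapAttrs (_: h: { inherit (h) hostname user; }) cfg;
      };
  };
}

# ---- private repo: flake.nix (never published; the eval-time "secrets" live here) ----
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    pub.url = "github:EXAMPLE-USER/public-config";   # placeholder for the public flake
  };
  outputs = { self, nixpkgs, home-manager, pub, ... }: {
    homeConfigurations."me" = home-manager.lib.homeManagerConfiguration {
      pkgs = nixpkgs.legacyPackages.x86_64-linux;
      modules = [
        pub.homeManagerModules.sshHosts      # utility sourced from the public repo
        {
          programs.ssh.enable = true;
          # constructed sample values; these never appear in the public repo
          my.sshHosts.work = { hostname = "gw.example.internal"; user = "alice"; };
        }
      ];
    };
  };
}
```

The public module can be published and reused by anyone, while evaluating the private flake still requires the private repo, which is the residual constraint the post describes.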
@nobodyinperson @schmittlauch ah yes apologies for overlooking that!