Add secret files in the public

Was initially afraid of how age is secure for the publicly showing
secret files (even if encrypted). We'll start with something simple for
now.

README.adoc

@@ -36,6 +36,7 @@ nixos-config
 ├── lib/
 ├── modules/
 ├── pkgs/
+├── secrets/
 ├── users/
 ├── flake.lock
 ├── flake.nix
@@ -52,6 +53,8 @@ For more information, see the link:./modules/README.adoc[related documentation].
 * link:./pkgs/[`./pkgs/`] contains my custom packages.
 It is exported in the flakes at `outputs.packages` compiled through various systems.
 
+* link:./secrets/[`./secrets/`] contains my secrets managed with link:https://github.com/ryantm/agenix[agenix].
+
 * link:./users/[`./users/`] contains my link:https://github.com/nix-community/home-manager[home-manager] configurations and modules.
 It is exported in the flakes at `outputs.homeConfigurations`.
 For more information, see the link:./users/README.adoc[related documentation].

secrets/README.adoc

@@ -0,0 +1,5 @@
+= Secrets
+:toc:
+
+My secret files in public!
+This is managed through link:https://github.com/ryantm/agenix[agenix] (thus, uses the link:https://github.com/FiloSottile/age[age encryption tool]).

secrets/secrets.nix

@@ -0,0 +1,16 @@
+let
+  system1 =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG42LafAFOeh3oYz/cm6FXes0ss59/EOCXpGsYvhpI21";
+
+  user1 =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMclb6WPpYRoMVqCCzQcG2XQHczB6vaIEDIHqjVsyQJi";
+  user2 =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBhrzY7tD0ZiGoA6nnfVxRQVQox0votQ2fuHz78LjNUD";
+  user3 =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIytwsseYS6kV8ldiUV767C2Gy7okxckdDRW4aA3q/Ku";
+  user4 =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGtn+t2D7clY1U1rzKcSCBJjNbuJzbRArEiM3soyFcnv";
+in {
+  "archive/password".publicKeys = [ system1 user3 user4 ];
+  "archive/borgmatic.json".publicKeys = [ system1 user3 user4 ];
+}