From 111754b894d441cd652a0c5f3f78c6d06787cd03 Mon Sep 17 00:00:00 2001
From: Cole Helbling
Date: Fri, 26 Feb 2021 20:31:16 -0800
Subject: [PATCH] modules/age: remove old secrets generations
---
 modules/age.nix | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/modules/age.nix b/modules/age.nix
index ac25fa4..d358fa3 100644
--- a/modules/age.nix
+++ b/modules/age.nix
@@ -138,6 +138,11 @@ in
 chmod 0750 "${cfg.secretsMountPoint}/$_count"
 chown :keys "${cfg.secretsMountPoint}" "${cfg.secretsMountPoint}/$_count"
 ln -sfn "${cfg.secretsMountPoint}/$_count" /run/secrets
+
+ (( _agenix_generation > 1 )) && {
+ echo "[agenix] removing old secrets (generation $(( _agenix_generation - 1 )))..."
+ rm -rf "${cfg.secretsMountPoint}/$(( _agenix_generation - 1 ))"
+ }
 '';
 # Secrets with root owner and group can be installed before users
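Review bot: The added cleanup keys on `_agenix_generation`, while the context lines just above create and link the new directory as `${cfg.secretsMountPoint}/$_count`; neither variable is defined inside this hunk, so confirm that both hold the same number. If `_agenix_generation` is unset or lags behind `_count`, either the `(( _agenix_generation > 1 ))` guard is false or the `rm -rf` targets a different directory, and the previous generation's decrypted secrets stay on the mount point with no message. Using one variable throughout would remove that ambiguity, e.g. `rm -rf "${cfg.secretsMountPoint}/$(( _count - 1 ))"` if `_count` is the generation counter. The cleanup also removes only generation N-1, so an older directory left behind by an interrupted activation would never be collected; a comment stating that assumption would help. The script string this hunk edits starts outside the hunk.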