From b9563265434c38de3ef3f723b63ecfb8be70d5a3 Mon Sep 17 00:00:00 2001
From: JakeGinesin <jakeginesin@gmail.com>
Date: Wed, 30 Apr 2025 02:52:28 -0400
Subject: [PATCH] 41 current  2025-04-30 02:52:21  25.05.20250424.f771eb4    
 6.12.24                          *

---
 home/programs/zsh/default.nix    |  3 ++-
 hosts/thonkpad/configuration.nix | 14 ++++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/home/programs/zsh/default.nix b/home/programs/zsh/default.nix
index 0ee6799..dc624f9 100644
--- a/home/programs/zsh/default.nix
+++ b/home/programs/zsh/default.nix
@@ -41,12 +41,13 @@
       [[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh
     '';
 
+    # recall agenix secrets cannot be used at eval time, so we must do this trash
+    # like what the fuck? I spent 4 hours figuring this out. will i ever reach nix nirvana?
     initExtra = ''
       ${builtins.readFile ./zshrc}
       if [ -f "${osConfig.age.secrets.zsh_remote.path}" ]; then
         source "${osConfig.age.secrets.zsh_remote.path}"
       fi
     '';
-    # initExtra = builtins.readFile ./zshrc;
   };
 }
diff --git a/hosts/thonkpad/configuration.nix b/hosts/thonkpad/configuration.nix
index 6d6538f..ee4794b 100644
--- a/hosts/thonkpad/configuration.nix
+++ b/hosts/thonkpad/configuration.nix
@@ -48,10 +48,16 @@ in {
     };
 
     res = "1366x768";
-    age.secrets.zsh_remote.file = ../../secrets/zsh_remote.age;
-    age.secretsDir = "/home/synchronous/.agenix/agenix";
-    age.secretsMountPoint = "/home/synchronous/.agenix/agenix.d";
-    age.identityPaths = ["/home/synchronous/.ssh/id_ed25519"];
+    age = {
+      secrets.zsh_remote = {
+        file = ../../secrets/zsh_remote.age;
+        owner = "synchronous";
+        mode = "0400";
+      };
+      secretsDir = "/home/synchronous/.agenix/agenix";
+      secretsMountPoint = "/home/synchronous/.agenix/agenix.d";
+      identityPaths = ["/home/synchronous/.ssh/id_ed25519"];
+    };
 
     # config = {
     # res = "1366x768";