chore: get secrets via input, mock for CI

this fixes CI, yay!

systems/makanek/configuration.nix

@@ -1,5 +1,5 @@
 {
-  lib,
+  inputs,
   config,
   pkgs,
   ...
@@ -84,18 +84,18 @@ in {
 
   age.secrets = {
     retiolum-rsa = {
-      file = ../../secrets/makanek-retiolum-privateKey-rsa.age;
+      file = inputs.secrets + "/makanek-retiolum-privateKey-rsa.age";
       mode = "400";
       owner = "tinc.retiolum";
       group = "tinc.retiolum";
     };
     retiolum-ed25519 = {
-      file = ../../secrets/makanek-retiolum-privateKey-ed25519.age;
+      file = inputs.secrets + "/makanek-retiolum-privateKey-ed25519.age";
       mode = "400";
       owner = "tinc.retiolum";
       group = "tinc.retiolum";
     };
-    restic.file = ../../secrets/restic.age;
+    restic.file = inputs.secrets + "/restic.age";
   };
 
   system.stateVersion = "20.03";

systems/makanek/menstruation.nix

@@ -1,7 +1,6 @@
 {
   config,
   pkgs,
-  lib,
   inputs,
   ...
 }: let
@@ -47,7 +46,7 @@ in {
     };
   };
 
-  age.secrets.telegram-token-menstruation.file = ../../secrets/telegram-token-menstruation.age;
+  age.secrets.telegram-token-menstruation.file = inputs.secrets + "/telegram-token-menstruation.age";
 
   systemd.services.menstruation-backend = {
     wants = ["network-online.target"];

systems/makanek/monitoring/default.nix

@@ -2,6 +2,7 @@
   lib,
   config,
   pkgs,
+  inputs,
   ...
 }: let
   lokiConfig = import ./loki.nix;
@@ -241,19 +242,19 @@ in {
 
   age.secrets = {
     email-password-cock = {
-      file = ../../../secrets/email-password-cock.age;
+      file = inputs.secrets + "/email-password-cock.age";
       owner = "grafana";
       group = "grafana";
       mode = "440";
     };
     grafana-password-admin = {
-      file = ../../../secrets/grafana-password-admin.age;
+      file = inputs.secrets + "/grafana-password-admin.age";
       owner = "grafana";
       group = "grafana";
       mode = "440";
     };
     alertmanager-token-reporters = {
-      file = ../../../secrets/alertmanager-token-reporters.age;
+      file = inputs.secrets + "/alertmanager-token-reporters.age";
       owner = "prometheus";
       group = "prometheus";
       mode = "440";

systems/makanek/nextcloud.nix

@@ -1,6 +1,7 @@
 {
   pkgs,
   config,
+  inputs,
   lib,
   ...
 }: let
@@ -8,13 +9,13 @@
 in {
   age.secrets = {
     nextcloud-password-database = {
-      file = ../../secrets/nextcloud-password-database.age;
+      file = inputs.secrets + "/nextcloud-password-database.age";
       owner = "nextcloud";
       group = "nextcloud";
       mode = "440";
     };
     nextcloud-password-admin = {
-      file = ../../secrets/nextcloud-password-admin.age;
+      file = inputs.secrets + "/nextcloud-password-admin.age";
       owner = "nextcloud";
       group = "nextcloud";
       mode = "440";

systems/makanek/onlyoffice.nix

@@ -1,5 +1,5 @@
 {
-  pkgs,
+  inputs,
   config,
   ...
 }: {
@@ -11,7 +11,7 @@
   };
 
   age.secrets.onlyoffice-key = {
-    file = ../../secrets/onlyoffice-jwt-key.age;
+    file = inputs.secrets + "/onlyoffice-jwt-key.age";
     owner = "onlyoffice";
   };
 

systems/makanek/retiolum-map.nix

@@ -45,7 +45,7 @@ in {
     };
   };
 
-  age.secrets.maxmind-license-key.file = ../../secrets/maxmind-license-key.age;
+  age.secrets.maxmind-license-key.file = inputs.secrets + "/maxmind-license-key.age";
 
   niveum.passport.services = [
     {

systems/makanek/tt-rss.nix

@@ -1,6 +1,5 @@
 {
-  pkgs,
-  lib,
+  inputs,
   config,
   ...
 }: let
@@ -19,7 +18,7 @@ in {
     };
   };
 
-  age.secrets.miniflux-credentials.file = ../../secrets/miniflux-credentials.age;
+  age.secrets.miniflux-credentials.file = inputs.secrets + "/miniflux-credentials.age";
 
   services.postgresqlBackup = {
     enable = true;

systems/makanek/weechat.nix

@@ -1,7 +1,7 @@
 {
   lib,
   pkgs,
-  config,
+  inputs,
   ...
 }: let
   inherit (import ../../lib) kieran;
@@ -205,7 +205,7 @@ in {
   };
 
   age.secrets.weechat-sec = {
-    file = ../../secrets/weechat-sec.conf.age;
+    file = inputs.secrets + "/weechat-sec.conf.age";
     path = "/var/lib/weechat/sec.conf";
     owner = "weechat";
     group = "weechat";