From 9148ab5ba835303fd0b1cd953bb1da5db8180bd8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?=
Date: Tue, 4 Jul 2023 16:28:26 +0200
Subject: [PATCH] Revert "chore: get secrets via input, mock for CI"

This reverts commit 3138fd23ef855a5925eb370bf0c976316c6c96b4.

---
.github/workflows/niveum.yml | 19 ++-----
configs/aerc.nix | 15 +++---
configs/cloud.nix | 3 +-
configs/default.nix | 6 +--
configs/hu-berlin.nix | 10 +++-
configs/i3.nix | 5 +-
configs/khal.nix | 6 +--
configs/packages.nix | 4 +-
configs/telegram-bots/autorenkalender.nix | 4 +-
configs/telegram-bots/default.nix | 7 +--
configs/telegram-bots/nachtischsatan.nix | 4 +-
configs/traadfri.nix | 4 +-
flake.lock | 14 -----
flake.nix | 4 +-
secrets.txt | 62 -----------------------
systems/ful/configuration.nix | 10 ++--
systems/kabsa/configuration.nix | 13 ++---
systems/makanek/configuration.nix | 8 +--
systems/makanek/menstruation.nix | 3 +-
systems/makanek/monitoring/default.nix | 7 ++-
systems/makanek/nextcloud.nix | 5 +-
systems/makanek/onlyoffice.nix | 4 +-
systems/makanek/retiolum-map.nix | 2 +-
systems/makanek/tt-rss.nix | 5 +-
systems/makanek/weechat.nix | 4 +-
systems/manakish/configuration.nix | 14 +++--
systems/tabula/configuration.nix | 6 +--
systems/tahina/configuration.nix | 6 +--
systems/zaatar/configuration.nix | 8 +--
systems/zaatar/moodle-dl-meinhark.nix | 5 +-
systems/zaatar/mpd.nix | 9 ++--
systems/zaatar/spotifyd.nix | 10 ++--
32 files changed, 101 insertions(+), 185 deletions(-)
delete mode 100644 secrets.txt
diff --git a/.github/workflows/niveum.yml b/.github/workflows/niveum.yml
index 893df0d..f1622b9 100644
--- a/.github/workflows/niveum.yml
+++ b/.github/workflows/niveum.yml
@@ -10,21 +10,10 @@ jobs: system: [makanek,manakish,kabsa,zaatar,ful] steps: - uses: actions/checkout@v2 - - name: Install QEMU (ARM) - run: sudo apt-get install -y qemu-user-static - if: ${{ matrix.system == 'ful' }} - - name: Install Nix (ARM) - uses: cachix/install-nix-action@v16 - if: ${{ matrix.system == 'ful' }} - with: - extra_nix_config: | - system = aarch64-linux - - name: Install Nix (x86_64) - uses: cachix/install-nix-action@v16 - if: ${{ matrix.system != 'ful' }} + - uses: cachix/install-nix-action@v16 + - name: Install nixos-rebuild + run: GC_DONT_GC=1 nix-env -i nixos-rebuild -f '' - run: | rm -rf secrets mkdir secrets - cat secrets.txt | while read -r path; do echo dummy > $path; done - find - - run: nix run nixpkgs#nixos-rebuild -- dry-build --override-input secrets ./secrets --flake .#${{matrix.system}} + - run: GC_DONT_GC=1 nixos-rebuild dry-build --flake .#{{matrix.system}} diff --git a/configs/aerc.nix b/configs/aerc.nix index 0a36ef6..7cb4083 100644 --- a/configs/aerc.nix +++ b/configs/aerc.nix @@ -2,7 +2,6 @@ pkgs, config, lib, - inputs, ... }: let defaults = { 
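Review bot: The last step of .github/workflows/niveum.yml now reads `nixos-rebuild dry-build --flake .#{{matrix.system}}`, without the `$` that the removed line had, so GitHub Actions will not expand the expression and the step would ask for a flake attribute that does not exist; it should be `--flake .#${{ matrix.system }}`. The step before it still runs `rm -rf secrets` and `mkdir secrets`, but the loop that wrote placeholder files is removed, so the `../secrets/*.age` paths this commit restores will presumably be missing when CI evaluates them. The added `cachix/install-nix-action@v16` line (like the existing `actions/checkout@v2`) references a mutable tag; pinning third-party actions to a full commit SHA keeps a retagged release from changing what runs in this job.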
@@ -20,43 +19,43 @@ in { age.secrets = { email-password-cock = { - file = inputs.secrets + "/email-password-cock.age"; + file = ../secrets/email-password-cock.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; }; email-password-fysi = { - file = inputs.secrets + "/email-password-fysi.age"; + file = ../secrets/email-password-fysi.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; }; email-password-posteo = { - file = inputs.secrets + "/email-password-posteo.age"; + file = ../secrets/email-password-posteo.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; }; email-password-meinhark = { - file = inputs.secrets + "/email-password-meinhark.age"; + file = ../secrets/email-password-meinhark.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; }; email-password-meinhaki = { - file = inputs.secrets + "/email-password-meinhaki.age"; + file = ../secrets/email-password-meinhaki.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; }; email-password-dslalewa = { - file = inputs.secrets + "/email-password-dslalewa.age"; + file = ../secrets/email-password-dslalewa.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; }; email-password-fsklassp = { - file = inputs.secrets + "/email-password-fsklassp.age"; + file = ../secrets/email-password-fsklassp.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; diff --git a/configs/cloud.nix b/configs/cloud.nix index 2a5ee21..18e6872 100644 --- a/configs/cloud.nix +++ b/configs/cloud.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - inputs, ... }: let inherit (import ../lib) tmpfilesConfig; 
@@ -98,7 +97,7 @@ in { ]; age.secrets.mega-password = { - file = inputs.secrets + "/mega-password.age"; + file = ../secrets/mega-password.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; diff --git a/configs/default.nix b/configs/default.nix index 672e19c..3600f5b 100644 --- a/configs/default.nix +++ b/configs/default.nix @@ -37,13 +37,13 @@ in { { age.secrets = { di-fm-key = { - file = inputs.secrets + "/di-fm-key.age"; + file = ../secrets/di-fm-key.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; }; restic = { - file = inputs.secrets + "/restic.age"; + file = ../secrets/restic.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; @@ -76,7 +76,7 @@ in { }; age.secrets = { - kfm-password.file = inputs.secrets + "/kfm-password.age"; + kfm-password.file = ../secrets/kfm-password.age; }; home-manager.users.me.xdg.enable = true; diff --git a/configs/hu-berlin.nix b/configs/hu-berlin.nix index 6bbd9b1..9998e1a 100644 --- a/configs/hu-berlin.nix +++ b/configs/hu-berlin.nix @@ -1,9 +1,15 @@ { config, pkgs, - inputs, + lib, ... }: let + inherit (lib.strings) fileContents; + inherit (import ../lib) sshPort; + eduroam = { + identity = fileContents ; + password = fileContents ; + }; hu-berlin-cifs-options = [ "uid=${toString config.users.users.me.uid}" "gid=${toString config.users.groups.users.gid}" @@ -29,7 +35,7 @@ in { options = hu-berlin-cifs-options; }; - age.secrets.cifs-credentials-hu-berlin.file = inputs.secrets + "/cifs-credentials-hu-berlin.age"; + age.secrets.cifs-credentials-hu-berlin.file = ../secrets/cifs-credentials-hu-berlin.age; home-manager.users.me.programs.ssh = { matchBlocks = { diff --git a/configs/i3.nix b/configs/i3.nix index f47528d..296812e 100644 --- a/configs/i3.nix +++ b/configs/i3.nix @@ -3,7 +3,6 @@ pkgs, lib, niveumPackages, - inputs, ... }: let inherit (import ../lib) defaultApplications colours; 
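Review bot: In configs/hu-berlin.nix the new `eduroam` binding reads both `identity` and `password` with `fileContents`, which runs at evaluation time, so the plaintext becomes part of the evaluated configuration and, wherever it is interpolated into a generated file or derivation, ends up in the world-readable Nix store. Every other credential in this commit goes through `age.secrets.*.file` and is decrypted only at activation. The path arguments are not legible in this view and the use of `eduroam` lies outside the hunk, so confirm where it is consumed. If it is kept, an age secret referenced by its runtime path, for example `age.secrets.eduroam-password.file = ../secrets/eduroam-password.age;` (file name constructed for illustration), would keep the password out of the store.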
@@ -66,13 +65,13 @@ in { age.secrets = { github-token-i3status-rust = { - file = inputs.secrets + "/github-token-i3status-rust.age"; + file = ../secrets/github-token-i3status-rust.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; }; openweathermap-api-key = { - file = inputs.secrets + "/openweathermap-api-key.age"; + file = ../secrets/openweathermap-api-key.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; diff --git a/configs/khal.nix b/configs/khal.nix index 05983a4..184a849 100644 --- a/configs/khal.nix +++ b/configs/khal.nix @@ -1,7 +1,7 @@ { config, pkgs, - inputs, + lib, ... }: let davHome = "~/.local/share/dav"; @@ -18,13 +18,13 @@ in { age.secrets = { nextcloud-password-kieran = { - file = inputs.secrets + "/nextcloud-password-kieran.age"; + file = ../secrets/nextcloud-password-kieran.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; }; nextcloud-password-fysi = { - file = inputs.secrets + "/nextcloud-password-fysi.age"; + file = ../secrets/nextcloud-password-fysi.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; diff --git a/configs/packages.nix b/configs/packages.nix index 69ab7a8..6cfdda6 100644 --- a/configs/packages.nix +++ b/configs/packages.nix @@ -1,8 +1,10 @@ { config, pkgs, + lib, inputs, niveumPackages, + unstablePackages, ... }: let worldradio = pkgs.callPackage ../packages/worldradio.nix {}; @@ -289,7 +291,7 @@ in { ]; age.secrets.home-assistant-token = { - file = inputs.secrets + "/home-assistant-token.age"; + file = ../secrets/home-assistant-token.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; diff --git a/configs/telegram-bots/autorenkalender.nix b/configs/telegram-bots/autorenkalender.nix index b4bd683..4e9eeb5 100644 --- a/configs/telegram-bots/autorenkalender.nix +++ b/configs/telegram-bots/autorenkalender.nix 
@@ -1,6 +1,6 @@ { pkgs, - inputs, + lib, config, ... }: let @@ -22,7 +22,7 @@ in { command = "${autorenkalender}/bin/autorenkalender"; }; - age.secrets.telegram-token-kmein.file = inputs.secrets + "/telegram-token-kmein.age"; + age.secrets.telegram-token-kmein.file = ../../secrets/telegram-token-kmein.age; niveum.passport.services = [ { diff --git a/configs/telegram-bots/default.nix b/configs/telegram-bots/default.nix index e2551ae..3521eb4 100644 --- a/configs/telegram-bots/default.nix +++ b/configs/telegram-bots/default.nix @@ -1,6 +1,7 @@ { config, pkgs, + lib, inputs, ... }: let @@ -47,9 +48,9 @@ in { ]; age.secrets = { - telegram-token-reverse.file = inputs.secrets + "/telegram-token-reverse.age"; - telegram-token-betacode.file = inputs.secrets + "/telegram-token-betacode.age"; - telegram-token-proverb.file = inputs.secrets + "/telegram-token-proverb.age"; + telegram-token-reverse.file = ../../secrets/telegram-token-reverse.age; + telegram-token-betacode.file = ../../secrets/telegram-token-betacode.age; + telegram-token-proverb.file = ../../secrets/telegram-token-proverb.age; }; systemd.services.telegram-reverse = { diff --git a/configs/telegram-bots/nachtischsatan.nix b/configs/telegram-bots/nachtischsatan.nix index 732242b..86dc987 100644 --- a/configs/telegram-bots/nachtischsatan.nix +++ b/configs/telegram-bots/nachtischsatan.nix @@ -1,7 +1,7 @@ { pkgs, config, - inputs, + lib, ... }: let nachtischsatan-bot = {tokenFile}: @@ -36,7 +36,7 @@ in { serviceConfig.Restart = "always"; }; - age.secrets.telegram-token-nachtischsatan.file = inputs.secrets + "/telegram-token-nachtischsatan.age"; + age.secrets.telegram-token-nachtischsatan.file = ../../secrets/telegram-token-nachtischsatan.age; niveum.passport.services = [ { diff --git a/configs/traadfri.nix b/configs/traadfri.nix index de437ca..6d283f6 100644 --- a/configs/traadfri.nix +++ b/configs/traadfri.nix @@ -1,7 +1,7 @@ { config, pkgs, - inputs, + lib, ... }: let inherit (import ../lib) localAddresses; 
@@ -20,7 +20,7 @@ in { ]; age.secrets.traadfri-key = { - file = inputs.secrets + "/traadfri-key.age"; + file = ../secrets/traadfri-key.age; owner = config.users.users.me.name; group = config.users.users.me.group; mode = "400"; diff --git a/flake.lock b/flake.lock index bb8cd26..1010e77 100644 --- a/flake.lock +++ b/flake.lock @@ -322,7 +322,6 @@ "retiolum": "retiolum", "rust-overlay": "rust-overlay", "scripts": "scripts", - "secrets": "secrets", "telebots": "telebots", "tinc-graph": "tinc-graph", "traadfri": "traadfri", @@ -378,19 +377,6 @@ "type": "github" } }, - "secrets": { - "flake": false, - "locked": { - "lastModified": 1, - "narHash": "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo=", - "path": "./secrets", - "type": "path" - }, - "original": { - "path": "./secrets", - "type": "path" - } - }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index de60cd0..cc3ae47 100644 --- a/flake.nix +++ b/flake.nix @@ -13,7 +13,6 @@ nixpkgs-unstable.url = "github:NixOS/nixpkgs/master"; nur.url = "github:nix-community/NUR"; recht.url = "github:kmein/recht"; - secrets.url = "path:./secrets"; scripts.url = "github:kmein/scripts"; retiolum.url = "git+https://git.thalheim.io/Mic92/retiolum"; rust-overlay.url = "github:oxalica/rust-overlay"; @@ -39,7 +38,6 @@ scripts.inputs.flake-utils.follows = "flake-utils"; scripts.inputs.nixpkgs.follows = "nixpkgs"; scripts.inputs.rust-overlay.follows = "rust-overlay"; - secrets.flake = false; tinc-graph.inputs.flake-utils.follows = "flake-utils"; tinc-graph.inputs.nixpkgs.follows = "nixpkgs"; tinc-graph.inputs.rust-overlay.follows = "rust-overlay"; @@ -64,7 +62,7 @@ apps = nixinate.nixinate.x86_64-linux self // { - x86_64-linux = let + x86_64-linux.deploy = let pkgs = nixpkgs.legacyPackages.x86_64-linux; in { mock-secrets = { diff --git a/secrets.txt b/secrets.txt deleted file mode 100644 index a414a55..0000000 --- a/secrets.txt +++ /dev/null 
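Review bot: In flake.nix the changed line `x86_64-linux.deploy = let` now binds the attribute set that follows, which begins with `mock-secrets = {`, under `deploy`, so `mock-secrets` would be exposed as `apps.x86_64-linux.deploy.mock-secrets` and `deploy` itself would no longer have the `type`/`program` shape of a flake app. The set continues past the end of the hunk, so this is inferred from the visible lines only. If the revert is meant to restore a single deploy app, the `mock-secrets` entry, which appears tied to the CI mocking this commit removes, probably needs to be dropped or moved as well; `nix flake check` would show whether the apps output still evaluates.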
@@ -1,62 +0,0 @@ -secrets/di-fm-key.age -secrets/email-password-meinhark.age -secrets/kabsa-retiolum-privateKey-ed25519.age -secrets/makanek-specus-privateKey.age -secrets/manakish-retiolum-privateKey-rsa.age -secrets/kfm-password.age -secrets/email-password-fysi.age -secrets/github-token-i3status-rust.age -secrets/nextcloud-password-admin.age -secrets/zaatar-retiolum-privateKey-ed25519.age -secrets/manakish-syncthing-cert.age -secrets/telegram-token-betacode.age -secrets/tabula-retiolum-privateKey-rsa.age -secrets/zaatar-ympd-basicAuth.age -secrets/zaatar-moodle-dl-basicAuth.age -secrets/mega-password.age -secrets/telegram-token-reverse.age -secrets/email-password-meinhaki.age -secrets/spotify-password.age -secrets/telegram-token-kmein.age -secrets/maxmind-license-key.age -secrets/makanek-retiolum-privateKey-rsa.age -secrets/spotify-username.age -secrets/onlyoffice-jwt-key.age -secrets/miniflux-credentials.age -secrets/email-password-fsklassp.age -secrets/kabsa-retiolum-privateKey-rsa.age -secrets/traadfri-key.age -secrets/tahina-retiolum-privateKey-rsa.age -secrets/makanek-retiolum-privateKey-ed25519.age -secrets/zaatar-retiolum-privateKey-rsa.age -secrets/kabsa-specus-privateKey.age -secrets/nextcloud-password-kieran.age -secrets/ful-root.age -secrets/manakish-syncthing-key.age -secrets/email-password-dslalewa.age -secrets/zaatar-moodle-dl-tokens.json.age -secrets/tabula-retiolum-privateKey-ed25519.age -secrets/tahina-retiolum-privateKey-ed25519.age -secrets/cifs-credentials-hu-berlin.age -secrets/kabsa-syncthing-key.age -secrets/ful-retiolum-privateKey-rsa.age -secrets/ful-retiolum-privateKey-ed25519.age -secrets/zaatar-syncthing-key.age -secrets/openweathermap-api-key.age -secrets/secrets.nix -secrets/email-password-cock.age -secrets/telegram-token-nachtischsatan.age -secrets/kabsa-syncthing-cert.age -secrets/grafana-password-admin.age -secrets/email-password-posteo.age -secrets/manakish-retiolum-privateKey-ed25519.age -secrets/restic.age 
-secrets/home-assistant-token.age -secrets/zaatar-syncthing-cert.age -secrets/nextcloud-password-database.age -secrets/telegram-token-menstruation.age -secrets/alertmanager-token-reporters.age -secrets/ful-specus-privateKey.age -secrets/nextcloud-password-fysi.age -secrets/weechat-sec.conf.age -secrets/telegram-token-proverb.age diff --git a/systems/ful/configuration.nix b/systems/ful/configuration.nix index fd0ff8d..297563e 100644 --- a/systems/ful/configuration.nix +++ b/systems/ful/configuration.nix @@ -1,5 +1,5 @@ { - inputs, + lib, config, pkgs, ... @@ -36,19 +36,19 @@ in { age.secrets = { retiolum-rsa = { - file = inputs.secrets + "/ful-retiolum-privateKey-rsa.age"; + file = ../../secrets/ful-retiolum-privateKey-rsa.age; mode = "400"; owner = "tinc.retiolum"; group = "tinc.retiolum"; }; retiolum-ed25519 = { - file = inputs.secrets + "/ful-retiolum-privateKey-ed25519.age"; + file = ../../secrets/ful-retiolum-privateKey-ed25519.age; mode = "400"; owner = "tinc.retiolum"; group = "tinc.retiolum"; }; - root.file = inputs.secrets + "/ful-root.age"; - restic.file = inputs.secrets + "/restic.age"; + root.file = ../../secrets/ful-root.age; + restic.file = ../../secrets/restic.age; }; services.restic.backups.niveum = { diff --git a/systems/kabsa/configuration.nix b/systems/kabsa/configuration.nix index 95bd939..dfd582f 100644 --- a/systems/kabsa/configuration.nix +++ b/systems/kabsa/configuration.nix @@ -1,6 +1,7 @@ { - inputs, + config, pkgs, + lib, ... }: let inherit (import ../../lib) retiolumAddresses; 
@@ -25,20 +26,20 @@ in { age.secrets = { retiolum-rsa = { - file = inputs.secrets + "/kabsa-retiolum-privateKey-rsa.age"; + file = ../../secrets/kabsa-retiolum-privateKey-rsa.age; mode = "400"; owner = "tinc.retiolum"; group = "tinc.retiolum"; }; retiolum-ed25519 = { - file = inputs.secrets + "/kabsa-retiolum-privateKey-ed25519.age"; + file = ../../secrets/kabsa-retiolum-privateKey-ed25519.age; mode = "400"; owner = "tinc.retiolum"; group = "tinc.retiolum"; }; - restic.file = inputs.secrets + "/restic.age"; - syncthing-cert.file = inputs.secrets + "/kabsa-syncthing-cert.age"; - syncthing-key.file = inputs.secrets + "/kabsa-syncthing-key.age"; + restic.file = ../../secrets/restic.age; + syncthing-cert.file = ../../secrets/kabsa-syncthing-cert.age; + syncthing-key.file = ../../secrets/kabsa-syncthing-key.age; }; environment.systemPackages = [pkgs.minecraft pkgs.zeroad]; diff --git a/systems/makanek/configuration.nix b/systems/makanek/configuration.nix index cadff2e..1233802 100644 --- a/systems/makanek/configuration.nix +++ b/systems/makanek/configuration.nix @@ -1,5 +1,5 @@ { - inputs, + lib, config, pkgs, ... @@ -84,18 +84,18 @@ in { age.secrets = { retiolum-rsa = { - file = inputs.secrets + "/makanek-retiolum-privateKey-rsa.age"; + file = ../../secrets/makanek-retiolum-privateKey-rsa.age; mode = "400"; owner = "tinc.retiolum"; group = "tinc.retiolum"; }; retiolum-ed25519 = { - file = inputs.secrets + "/makanek-retiolum-privateKey-ed25519.age"; + file = ../../secrets/makanek-retiolum-privateKey-ed25519.age; mode = "400"; owner = "tinc.retiolum"; group = "tinc.retiolum"; }; - restic.file = inputs.secrets + "/restic.age"; + restic.file = ../../secrets/restic.age; }; system.stateVersion = "20.03"; diff --git a/systems/makanek/menstruation.nix b/systems/makanek/menstruation.nix index 296489f..0b45260 100644 --- a/systems/makanek/menstruation.nix +++ b/systems/makanek/menstruation.nix @@ -1,6 +1,7 @@ { config, pkgs, + lib, inputs, ... }: let 
@@ -46,7 +47,7 @@ in { }; }; - age.secrets.telegram-token-menstruation.file = inputs.secrets + "/telegram-token-menstruation.age"; + age.secrets.telegram-token-menstruation.file = ../../secrets/telegram-token-menstruation.age; systemd.services.menstruation-backend = { wants = ["network-online.target"]; diff --git a/systems/makanek/monitoring/default.nix b/systems/makanek/monitoring/default.nix index d76a140..2e3347b 100644 --- a/systems/makanek/monitoring/default.nix +++ b/systems/makanek/monitoring/default.nix @@ -2,7 +2,6 @@ lib, config, pkgs, - inputs, ... }: let lokiConfig = import ./loki.nix; @@ -242,19 +241,19 @@ in { age.secrets = { email-password-cock = { - file = inputs.secrets + "/email-password-cock.age"; + file = ../../../secrets/email-password-cock.age; owner = "grafana"; group = "grafana"; mode = "440"; }; grafana-password-admin = { - file = inputs.secrets + "/grafana-password-admin.age"; + file = ../../../secrets/grafana-password-admin.age; owner = "grafana"; group = "grafana"; mode = "440"; }; alertmanager-token-reporters = { - file = inputs.secrets + "/alertmanager-token-reporters.age"; + file = ../../../secrets/alertmanager-token-reporters.age; owner = "prometheus"; group = "prometheus"; mode = "440"; diff --git a/systems/makanek/nextcloud.nix b/systems/makanek/nextcloud.nix index 048a04f..b581419 100644 --- a/systems/makanek/nextcloud.nix +++ b/systems/makanek/nextcloud.nix @@ -1,7 +1,6 @@ { pkgs, config, - inputs, lib, ... }: let @@ -9,13 +8,13 @@ in { age.secrets = { nextcloud-password-database = { - file = inputs.secrets + "/nextcloud-password-database.age"; + file = ../../secrets/nextcloud-password-database.age; owner = "nextcloud"; group = "nextcloud"; mode = "440"; }; nextcloud-password-admin = { - file = inputs.secrets + "/nextcloud-password-admin.age"; + file = ../../secrets/nextcloud-password-admin.age; owner = "nextcloud"; group = "nextcloud"; mode = "440"; 
diff --git a/systems/makanek/onlyoffice.nix b/systems/makanek/onlyoffice.nix index 56138cf..c74d24a 100644 --- a/systems/makanek/onlyoffice.nix +++ b/systems/makanek/onlyoffice.nix @@ -1,5 +1,5 @@ { - inputs, + pkgs, config, ... }: { @@ -11,7 +11,7 @@ }; age.secrets.onlyoffice-key = { - file = inputs.secrets + "/onlyoffice-jwt-key.age"; + file = ../../secrets/onlyoffice-jwt-key.age; owner = "onlyoffice"; }; diff --git a/systems/makanek/retiolum-map.nix b/systems/makanek/retiolum-map.nix index aae26da..bd5a2ed 100644 --- a/systems/makanek/retiolum-map.nix +++ b/systems/makanek/retiolum-map.nix @@ -45,7 +45,7 @@ in { }; }; - age.secrets.maxmind-license-key.file = inputs.secrets + "/maxmind-license-key.age"; + age.secrets.maxmind-license-key.file = ../../secrets/maxmind-license-key.age; niveum.passport.services = [ { diff --git a/systems/makanek/tt-rss.nix b/systems/makanek/tt-rss.nix index 19f21bf..6ea2aa3 100644 --- a/systems/makanek/tt-rss.nix +++ b/systems/makanek/tt-rss.nix @@ -1,5 +1,6 @@ { - inputs, + pkgs, + lib, config, ... }: let @@ -18,7 +19,7 @@ in { }; }; - age.secrets.miniflux-credentials.file = inputs.secrets + "/miniflux-credentials.age"; + age.secrets.miniflux-credentials.file = ../../secrets/miniflux-credentials.age; services.postgresqlBackup = { enable = true; diff --git a/systems/makanek/weechat.nix b/systems/makanek/weechat.nix index 530fd4e..e111fa7 100644 --- a/systems/makanek/weechat.nix +++ b/systems/makanek/weechat.nix @@ -1,7 +1,7 @@ { lib, pkgs, - inputs, + config, ... }: let inherit (import ../../lib) kieran; @@ -205,7 +205,7 @@ in { }; age.secrets.weechat-sec = { - file = inputs.secrets + "/weechat-sec.conf.age"; + file = ../../secrets/weechat-sec.conf.age; path = "/var/lib/weechat/sec.conf"; owner = "weechat"; group = "weechat"; diff --git a/systems/manakish/configuration.nix b/systems/manakish/configuration.nix index 2dc3afa..1cc3d88 100644 --- a/systems/manakish/configuration.nix +++ b/systems/manakish/configuration.nix 
@@ -1,4 +1,8 @@ -{inputs, ...}: let +{ + config, + pkgs, + ... +}: let inherit (import ../../lib) retiolumAddresses; in { imports = [ @@ -12,19 +16,19 @@ in { age.secrets = { retiolum-rsa = { - file = inputs.secrets + "/manakish-retiolum-privateKey-rsa.age"; + file = ../../secrets/manakish-retiolum-privateKey-rsa.age; mode = "400"; owner = "tinc.retiolum"; group = "tinc.retiolum"; }; retiolum-ed25519 = { - file = inputs.secrets + "/manakish-retiolum-privateKey-ed25519.age"; + file = ../../secrets/manakish-retiolum-privateKey-ed25519.age; mode = "400"; owner = "tinc.retiolum"; group = "tinc.retiolum"; }; - syncthing-cert.file = inputs.secrets + "/manakish-syncthing-cert.age"; - syncthing-key.file = inputs.secrets + "/manakish-syncthing-key.age"; + syncthing-cert.file = ../../secrets/manakish-syncthing-cert.age; + syncthing-key.file = ../../secrets/manakish-syncthing-key.age; }; niveum = { diff --git a/systems/tabula/configuration.nix b/systems/tabula/configuration.nix index 4d0793e..f3d5614 100644 --- a/systems/tabula/configuration.nix +++ b/systems/tabula/configuration.nix @@ -1,5 +1,5 @@ { - inputs, + config, pkgs, ... }: let @@ -15,13 +15,13 @@ in { age.secrets = { retiolum-rsa = { - file = inputs.secrets + "/tabula-retiolum-privateKey-rsa.age"; + file = ../../secrets/tabula-retiolum-privateKey-rsa.age; mode = "400"; owner = "tinc.retiolum"; group = "tinc.retiolum"; }; retiolum-ed25519 = { - file = inputs.secrets + "/tabula-retiolum-privateKey-ed25519.age"; + file = ../../secrets/tabula-retiolum-privateKey-ed25519.age; mode = "400"; owner = "tinc.retiolum"; group = "tinc.retiolum"; diff --git a/systems/tahina/configuration.nix b/systems/tahina/configuration.nix index 5a2a960..fde04b7 100644 --- a/systems/tahina/configuration.nix +++ b/systems/tahina/configuration.nix @@ -1,5 +1,5 @@ { - inputs, + config, pkgs, ... }: let 
@@ -15,13 +15,13 @@ in { age.secrets = { retiolum-rsa = { - file = inputs.secrets + "/tahina-retiolum-privateKey-rsa.age"; + file = ../../secrets/tahina-retiolum-privateKey-rsa.age; mode = "400"; owner = "tinc.retiolum"; group = "tinc.retiolum"; }; retiolum-ed25519 = { - file = inputs.secrets + "/tahina-retiolum-privateKey-ed25519.age"; + file = ../../secrets/tahina-retiolum-privateKey-ed25519.age; mode = "400"; owner = "tinc.retiolum"; group = "tinc.retiolum"; diff --git a/systems/zaatar/configuration.nix b/systems/zaatar/configuration.nix index 31be235..18d34cf 100644 --- a/systems/zaatar/configuration.nix +++ b/systems/zaatar/configuration.nix @@ -1,7 +1,7 @@ { config, pkgs, - inputs, + lib, ... }: let inherit (import ../../lib) retiolumAddresses restic; @@ -31,18 +31,18 @@ in { age.secrets = { retiolum-rsa = { - file = inputs.secrets + "/zaatar-retiolum-privateKey-rsa.age"; + file = ../../secrets/zaatar-retiolum-privateKey-rsa.age; mode = "400"; owner = "tinc.retiolum"; group = "tinc.retiolum"; }; retiolum-ed25519 = { - file = inputs.secrets + "/zaatar-retiolum-privateKey-ed25519.age"; + file = ../../secrets/zaatar-retiolum-privateKey-ed25519.age; mode = "400"; owner = "tinc.retiolum"; group = "tinc.retiolum"; }; - restic.file = inputs.secrets + "/restic.age"; + restic.file = ../../secrets/restic.age; }; services.restic.backups.moodle-dl = { diff --git a/systems/zaatar/moodle-dl-meinhark.nix b/systems/zaatar/moodle-dl-meinhark.nix index 82b6665..3726b5a 100644 --- a/systems/zaatar/moodle-dl-meinhark.nix +++ b/systems/zaatar/moodle-dl-meinhark.nix @@ -2,7 +2,6 @@ config, pkgs, lib, - inputs, ... }: let moodle-dl-package = pkgs.moodle-dl.overrideAttrs (old: 
@@ -14,14 +13,14 @@ in { age.secrets = { /* moodle-dl-tokens = { - file = inputs.secrets + "/zaatar-moodle-dl-tokens.json.age"; + file = ../../secrets/zaatar-moodle-dl-tokens.json.age; owner = "moodle-dl"; group = "moodle-dl"; mode = "400"; }; */ moodle-dl-basicAuth = { - file = inputs.secrets + "/zaatar-moodle-dl-basicAuth.age"; + file = ../../secrets/zaatar-moodle-dl-basicAuth.age; owner = "nginx"; group = "nginx"; mode = "400"; diff --git a/systems/zaatar/mpd.nix b/systems/zaatar/mpd.nix index 101e6a2..78076c5 100644 --- a/systems/zaatar/mpd.nix +++ b/systems/zaatar/mpd.nix @@ -2,7 +2,6 @@ config, pkgs, lib, - inputs, ... }: let firewall = (import ../../lib).firewall lib; @@ -103,14 +102,14 @@ in { age.secrets = { ympd-basicAuth = { - file = inputs.secrets + "/zaatar-ympd-basicAuth.age"; + file = ../../secrets/zaatar-ympd-basicAuth.age; owner = "nginx"; group = "nginx"; mode = "400"; }; - syncthing-cert.file = inputs.secrets + "/zaatar-syncthing-cert.age"; - syncthing-key.file = inputs.secrets + "/zaatar-syncthing-key.age"; - di-fm-key.file = inputs.secrets + "/di-fm-key.age"; + syncthing-cert.file = ../../secrets/zaatar-syncthing-cert.age; + syncthing-key.file = ../../secrets/zaatar-syncthing-key.age; + di-fm-key.file = ../../secrets/di-fm-key.age; }; services.nginx = { diff --git a/systems/zaatar/spotifyd.nix b/systems/zaatar/spotifyd.nix index ef7d81f..353ae72 100644 --- a/systems/zaatar/spotifyd.nix +++ b/systems/zaatar/spotifyd.nix @@ -1,8 +1,4 @@ -{ - config, - inputs, - ... -}: { +{config, ...}: { services.spotifyd = { enable = true; settings = { @@ -25,8 +21,8 @@ }; age.secrets = { - spotify-username.file = inputs.secrets + "/spotify-username.age"; - spotify-password.file = inputs.secrets + "/spotify-password.age"; + spotify-username.file = ../../secrets/spotify-username.age; + spotify-password.file = ../../secrets/spotify-password.age; }; # ref https://github.com/NixOS/nixpkgs/issues/71362#issuecomment-753461502