Revert "chore: get secrets via input, mock for CI"

This reverts commit 3138fd23ef.

systems/ful/configuration.nix

@@ -1,5 +1,5 @@
 {
-  inputs,
+  lib,
   config,
   pkgs,
   ...
@@ -36,19 +36,19 @@ in {
 
   age.secrets = {
     retiolum-rsa = {
-      file = inputs.secrets + "/ful-retiolum-privateKey-rsa.age";
+      file = ../../secrets/ful-retiolum-privateKey-rsa.age;
       mode = "400";
       owner = "tinc.retiolum";
       group = "tinc.retiolum";
     };
     retiolum-ed25519 = {
-      file = inputs.secrets + "/ful-retiolum-privateKey-ed25519.age";
+      file = ../../secrets/ful-retiolum-privateKey-ed25519.age;
       mode = "400";
       owner = "tinc.retiolum";
       group = "tinc.retiolum";
     };
-    root.file = inputs.secrets + "/ful-root.age";
-    restic.file = inputs.secrets + "/restic.age";
+    root.file = ../../secrets/ful-root.age;
+    restic.file = ../../secrets/restic.age;
   };
 
   services.restic.backups.niveum = {

systems/kabsa/configuration.nix

@@ -1,6 +1,7 @@
 {
-  inputs,
+  config,
   pkgs,
+  lib,
   ...
 }: let
   inherit (import ../../lib) retiolumAddresses;
@@ -25,20 +26,20 @@ in {
 
   age.secrets = {
     retiolum-rsa = {
-      file = inputs.secrets + "/kabsa-retiolum-privateKey-rsa.age";
+      file = ../../secrets/kabsa-retiolum-privateKey-rsa.age;
       mode = "400";
       owner = "tinc.retiolum";
       group = "tinc.retiolum";
     };
     retiolum-ed25519 = {
-      file = inputs.secrets + "/kabsa-retiolum-privateKey-ed25519.age";
+      file = ../../secrets/kabsa-retiolum-privateKey-ed25519.age;
       mode = "400";
       owner = "tinc.retiolum";
       group = "tinc.retiolum";
     };
-    restic.file = inputs.secrets + "/restic.age";
-    syncthing-cert.file = inputs.secrets + "/kabsa-syncthing-cert.age";
-    syncthing-key.file = inputs.secrets + "/kabsa-syncthing-key.age";
+    restic.file = ../../secrets/restic.age;
+    syncthing-cert.file = ../../secrets/kabsa-syncthing-cert.age;
+    syncthing-key.file = ../../secrets/kabsa-syncthing-key.age;
   };
 
   environment.systemPackages = [pkgs.minecraft pkgs.zeroad];

systems/makanek/configuration.nix

@@ -1,5 +1,5 @@
 {
-  inputs,
+  lib,
   config,
   pkgs,
   ...
@@ -84,18 +84,18 @@ in {
 
   age.secrets = {
     retiolum-rsa = {
-      file = inputs.secrets + "/makanek-retiolum-privateKey-rsa.age";
+      file = ../../secrets/makanek-retiolum-privateKey-rsa.age;
       mode = "400";
       owner = "tinc.retiolum";
       group = "tinc.retiolum";
     };
     retiolum-ed25519 = {
-      file = inputs.secrets + "/makanek-retiolum-privateKey-ed25519.age";
+      file = ../../secrets/makanek-retiolum-privateKey-ed25519.age;
       mode = "400";
       owner = "tinc.retiolum";
       group = "tinc.retiolum";
     };
-    restic.file = inputs.secrets + "/restic.age";
+    restic.file = ../../secrets/restic.age;
   };
 
   system.stateVersion = "20.03";

systems/makanek/menstruation.nix

@@ -1,6 +1,7 @@
 {
   config,
   pkgs,
+  lib,
   inputs,
   ...
 }: let
@@ -46,7 +47,7 @@ in {
     };
   };
 
-  age.secrets.telegram-token-menstruation.file = inputs.secrets + "/telegram-token-menstruation.age";
+  age.secrets.telegram-token-menstruation.file = ../../secrets/telegram-token-menstruation.age;
 
   systemd.services.menstruation-backend = {
     wants = ["network-online.target"];

systems/makanek/monitoring/default.nix

@@ -2,7 +2,6 @@
   lib,
   config,
   pkgs,
-  inputs,
   ...
 }: let
   lokiConfig = import ./loki.nix;
@@ -242,19 +241,19 @@ in {
 
   age.secrets = {
     email-password-cock = {
-      file = inputs.secrets + "/email-password-cock.age";
+      file = ../../../secrets/email-password-cock.age;
       owner = "grafana";
       group = "grafana";
       mode = "440";
     };
     grafana-password-admin = {
-      file = inputs.secrets + "/grafana-password-admin.age";
+      file = ../../../secrets/grafana-password-admin.age;
       owner = "grafana";
       group = "grafana";
       mode = "440";
     };
     alertmanager-token-reporters = {
-      file = inputs.secrets + "/alertmanager-token-reporters.age";
+      file = ../../../secrets/alertmanager-token-reporters.age;
       owner = "prometheus";
       group = "prometheus";
       mode = "440";

systems/makanek/nextcloud.nix

@@ -1,7 +1,6 @@
 {
   pkgs,
   config,
-  inputs,
   lib,
   ...
 }: let
@@ -9,13 +8,13 @@
 in {
   age.secrets = {
     nextcloud-password-database = {
-      file = inputs.secrets + "/nextcloud-password-database.age";
+      file = ../../secrets/nextcloud-password-database.age;
       owner = "nextcloud";
       group = "nextcloud";
       mode = "440";
     };
     nextcloud-password-admin = {
-      file = inputs.secrets + "/nextcloud-password-admin.age";
+      file = ../../secrets/nextcloud-password-admin.age;
       owner = "nextcloud";
       group = "nextcloud";
       mode = "440";

systems/makanek/onlyoffice.nix

@@ -1,5 +1,5 @@
 {
-  inputs,
+  pkgs,
   config,
   ...
 }: {
@@ -11,7 +11,7 @@
   };
 
   age.secrets.onlyoffice-key = {
-    file = inputs.secrets + "/onlyoffice-jwt-key.age";
+    file = ../../secrets/onlyoffice-jwt-key.age;
     owner = "onlyoffice";
   };
 

systems/makanek/retiolum-map.nix

@@ -45,7 +45,7 @@ in {
     };
   };
 
-  age.secrets.maxmind-license-key.file = inputs.secrets + "/maxmind-license-key.age";
+  age.secrets.maxmind-license-key.file = ../../secrets/maxmind-license-key.age;
 
   niveum.passport.services = [
     {

systems/makanek/tt-rss.nix

@@ -1,5 +1,6 @@
 {
-  inputs,
+  pkgs,
+  lib,
   config,
   ...
 }: let
@@ -18,7 +19,7 @@ in {
     };
   };
 
-  age.secrets.miniflux-credentials.file = inputs.secrets + "/miniflux-credentials.age";
+  age.secrets.miniflux-credentials.file = ../../secrets/miniflux-credentials.age;
 
   services.postgresqlBackup = {
     enable = true;

systems/makanek/weechat.nix

@@ -1,7 +1,7 @@
 {
   lib,
   pkgs,
-  inputs,
+  config,
   ...
 }: let
   inherit (import ../../lib) kieran;
@@ -205,7 +205,7 @@ in {
   };
 
   age.secrets.weechat-sec = {
-    file = inputs.secrets + "/weechat-sec.conf.age";
+    file = ../../secrets/weechat-sec.conf.age;
     path = "/var/lib/weechat/sec.conf";
     owner = "weechat";
     group = "weechat";

systems/manakish/configuration.nix

@@ -1,4 +1,8 @@
-{inputs, ...}: let
+{
+  config,
+  pkgs,
+  ...
+}: let
   inherit (import ../../lib) retiolumAddresses;
 in {
   imports = [
@@ -12,19 +16,19 @@ in {
 
   age.secrets = {
     retiolum-rsa = {
-      file = inputs.secrets + "/manakish-retiolum-privateKey-rsa.age";
+      file = ../../secrets/manakish-retiolum-privateKey-rsa.age;
       mode = "400";
       owner = "tinc.retiolum";
       group = "tinc.retiolum";
     };
     retiolum-ed25519 = {
-      file = inputs.secrets + "/manakish-retiolum-privateKey-ed25519.age";
+      file = ../../secrets/manakish-retiolum-privateKey-ed25519.age;
       mode = "400";
       owner = "tinc.retiolum";
       group = "tinc.retiolum";
     };
-    syncthing-cert.file = inputs.secrets + "/manakish-syncthing-cert.age";
-    syncthing-key.file = inputs.secrets + "/manakish-syncthing-key.age";
+    syncthing-cert.file = ../../secrets/manakish-syncthing-cert.age;
+    syncthing-key.file = ../../secrets/manakish-syncthing-key.age;
   };
 
   niveum = {

systems/tabula/configuration.nix

@@ -1,5 +1,5 @@
 {
-  inputs,
+  config,
   pkgs,
   ...
 }: let
@@ -15,13 +15,13 @@ in {
 
   age.secrets = {
     retiolum-rsa = {
-      file = inputs.secrets + "/tabula-retiolum-privateKey-rsa.age";
+      file = ../../secrets/tabula-retiolum-privateKey-rsa.age;
       mode = "400";
       owner = "tinc.retiolum";
       group = "tinc.retiolum";
     };
     retiolum-ed25519 = {
-      file = inputs.secrets + "/tabula-retiolum-privateKey-ed25519.age";
+      file = ../../secrets/tabula-retiolum-privateKey-ed25519.age;
       mode = "400";
       owner = "tinc.retiolum";
       group = "tinc.retiolum";

systems/tahina/configuration.nix

@@ -1,5 +1,5 @@
 {
-  inputs,
+  config,
   pkgs,
   ...
 }: let
@@ -15,13 +15,13 @@ in {
 
   age.secrets = {
     retiolum-rsa = {
-      file = inputs.secrets + "/tahina-retiolum-privateKey-rsa.age";
+      file = ../../secrets/tahina-retiolum-privateKey-rsa.age;
       mode = "400";
       owner = "tinc.retiolum";
       group = "tinc.retiolum";
     };
     retiolum-ed25519 = {
-      file = inputs.secrets + "/tahina-retiolum-privateKey-ed25519.age";
+      file = ../../secrets/tahina-retiolum-privateKey-ed25519.age;
       mode = "400";
       owner = "tinc.retiolum";
       group = "tinc.retiolum";

systems/zaatar/configuration.nix

@@ -1,7 +1,7 @@
 {
   config,
   pkgs,
-  inputs,
+  lib,
   ...
 }: let
   inherit (import ../../lib) retiolumAddresses restic;
@@ -31,18 +31,18 @@ in {
 
   age.secrets = {
     retiolum-rsa = {
-      file = inputs.secrets + "/zaatar-retiolum-privateKey-rsa.age";
+      file = ../../secrets/zaatar-retiolum-privateKey-rsa.age;
       mode = "400";
       owner = "tinc.retiolum";
       group = "tinc.retiolum";
     };
     retiolum-ed25519 = {
-      file = inputs.secrets + "/zaatar-retiolum-privateKey-ed25519.age";
+      file = ../../secrets/zaatar-retiolum-privateKey-ed25519.age;
       mode = "400";
       owner = "tinc.retiolum";
       group = "tinc.retiolum";
     };
-    restic.file = inputs.secrets + "/restic.age";
+    restic.file = ../../secrets/restic.age;
   };
 
   services.restic.backups.moodle-dl = {

systems/zaatar/moodle-dl-meinhark.nix

@@ -2,7 +2,6 @@
   config,
   pkgs,
   lib,
-  inputs,
   ...
 }: let
   moodle-dl-package = pkgs.moodle-dl.overrideAttrs (old:
@@ -14,14 +13,14 @@ in {
   age.secrets = {
     /*
     moodle-dl-tokens = {
-      file = inputs.secrets + "/zaatar-moodle-dl-tokens.json.age";
+      file = ../../secrets/zaatar-moodle-dl-tokens.json.age;
       owner = "moodle-dl";
       group = "moodle-dl";
       mode = "400";
     };
     */
     moodle-dl-basicAuth = {
-      file = inputs.secrets + "/zaatar-moodle-dl-basicAuth.age";
+      file = ../../secrets/zaatar-moodle-dl-basicAuth.age;
       owner = "nginx";
       group = "nginx";
       mode = "400";

systems/zaatar/mpd.nix

@@ -2,7 +2,6 @@
   config,
   pkgs,
   lib,
-  inputs,
   ...
 }: let
   firewall = (import ../../lib).firewall lib;
@@ -103,14 +102,14 @@ in {
 
   age.secrets = {
     ympd-basicAuth = {
-      file = inputs.secrets + "/zaatar-ympd-basicAuth.age";
+      file = ../../secrets/zaatar-ympd-basicAuth.age;
       owner = "nginx";
       group = "nginx";
       mode = "400";
     };
-    syncthing-cert.file = inputs.secrets + "/zaatar-syncthing-cert.age";
-    syncthing-key.file = inputs.secrets + "/zaatar-syncthing-key.age";
-    di-fm-key.file = inputs.secrets + "/di-fm-key.age";
+    syncthing-cert.file = ../../secrets/zaatar-syncthing-cert.age;
+    syncthing-key.file = ../../secrets/zaatar-syncthing-key.age;
+    di-fm-key.file = ../../secrets/di-fm-key.age;
   };
 
   services.nginx = {

systems/zaatar/spotifyd.nix

@@ -1,8 +1,4 @@
-{
-  config,
-  inputs,
-  ...
-}: {
+{config, ...}: {
   services.spotifyd = {
     enable = true;
     settings = {
@@ -25,8 +21,8 @@
   };
 
   age.secrets = {
-    spotify-username.file = inputs.secrets + "/spotify-username.age";
-    spotify-password.file = inputs.secrets + "/spotify-password.age";
+    spotify-username.file = ../../secrets/spotify-username.age;
+    spotify-password.file = ../../secrets/spotify-password.age;
   };
 
   # ref https://github.com/NixOS/nixpkgs/issues/71362#issuecomment-753461502