feat: convert to flake

feat(zaatar): convert to flake

feat(tahina, tabula): convert to flake

feat(makanek): convert to flake

feat(manakish, zaatar): convert to flake

feat(ci): build flake systems

fix: ci build

feat: secrets via submodule

foo

foo

foo

systems/ful/configuration.nix

@@ -4,19 +4,26 @@
   pkgs,
   ...
 }: let
-  inherit (import <niveum/lib>) kieran retiolumAddresses restic;
+  inherit (import ../../lib) kieran retiolumAddresses restic;
 in {
   imports = [
     ./hardware-configuration.nix
     ./matomo.nix
-    <niveum/configs/monitoring.nix>
-    <niveum/configs/nix.nix>
-    <niveum/configs/save-space.nix>
-    <niveum/configs/spacetime.nix>
-    <niveum/configs/sshd.nix>
-    <niveum/configs/retiolum.nix>
+    ../../configs/monitoring.nix
+    ../../configs/save-space.nix
+    ../../configs/spacetime.nix
+    ../../configs/retiolum.nix
+    ../../configs/sshd.nix
+    ../../configs/nix.nix
   ];
 
+  age.secrets = {
+    retiolum-rsa.file = ../../secrets/ful-retiolum-privateKey-rsa.age;
+    retiolum-ed25519.file = ../../secrets/ful-retiolum-privateKey-rsa.age;
+    root.file = ../../secrets/ful-root.age;
+    restic.file = ../../secrets/restic.age;
+  };
+
   services.restic.backups.niveum = {
     initialize = true;
     inherit (restic) repository;
@@ -24,14 +31,12 @@ in {
       OnCalendar = "daily";
       RandomizedDelaySec = "1h";
     };
-    passwordFile = toString <secrets/restic/password>;
+    passwordFile = config.age.secrets.restic.path;
     paths = [
       config.services.mysqlBackup.location
     ];
   };
 
-  nix.nixPath = ["/var/src"];
-
   networking = {
     firewall.allowedTCPPorts = [80 443];
     hostName = "ful";
@@ -56,7 +61,7 @@ in {
     defaults.email = kieran.email;
   };
 
-  users.users.root.passwordFile = toString <system-secrets/root.password>;
+  users.users.root.passwordFile = config.age.secrets.root.path;
 
   environment.systemPackages = [pkgs.vim pkgs.git pkgs.tmux pkgs.python3];