From bb58bcfed58846fdc8411e5aeb4f14598c1f1c27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?=
Date: Tue, 27 Aug 2024 08:57:17 +0300
Subject: [PATCH] finish/fix moving age.secrets
---
 flake.nix | 12 ------------
 hosts/fra1-b/configuration.nix | 6 +++---
 hosts/fwminex/configuration.nix | 28 ++++++++++++++--------------
 hosts/mtworx/configuration.nix | 10 +++++-----
 hosts/vno1-gdrx/configuration.nix | 12 ++++++------
 hosts/vno3-rp3b/configuration.nix | 8 ++++++++
 6 files changed, 36 insertions(+), 40 deletions(-)
diff --git a/flake.nix b/flake.nix
index e9b20d2..2892415 100644
--- a/flake.nix
+++ b/flake.nix
@@ -187,21 +187,9 @@ modules = [ { nixpkgs.overlays = overlays; } ./hosts/vno3-rp3b/configuration.nix - ./modules - agenix.nixosModules.default home-manager.nixosModules.home-manager - - { - age.secrets = { - motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age; - root-passwd-hash.file = ./secrets/root_passwd_hash.age; - sasl-passwd.file = ./secrets/postfix_sasl_passwd.age; - - datapool-passphrase.file = ./secrets/vno3-rp3b/datapool-passphrase.age; - }; - } ]; specialArgs = {
diff --git a/hosts/fra1-b/configuration.nix b/hosts/fra1-b/configuration.nix
index 7871e69..fdbb465 100644
--- a/hosts/fra1-b/configuration.nix
+++ b/hosts/fra1-b/configuration.nix
@@ -11,9 +11,9 @@ in
 imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 age.secrets = {
- motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
- root-passwd-hash.file = ./secrets/root_passwd_hash.age;
- sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
+ motiejus-passwd-hash.file = ../../secrets/motiejus_passwd_hash.age;
+ root-passwd-hash.file = ../../secrets/root_passwd_hash.age;
+ sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
 ssh8022-server = {
 file = ../../secrets/ssh8022.age;
 owner = "spiped";
diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
index 4592978..80b2733 100644
--- a/hosts/fwminex/configuration.nix
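Review bot: In hosts/fra1-b/configuration.nix every corrected entry spells out the `../../secrets/` prefix by hand, and the fwminex, mtworx, vno1-gdrx and vno3-rp3b hunks do the same on each line. The error being fixed here, a `./secrets/...` literal that resolves under the host directory, can return whenever an entry is copied between files at a different depth. Binding the directory once per file would remove that, e.g. `secretsDir = ../../secrets;` in the `let` block that the `in` in the hunk header suggests exists, then `sasl-passwd.file = secretsDir + "/postfix_sasl_passwd.age";`. The `age.secrets` set continues past the end of the hunk.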
+++ b/hosts/fwminex/configuration.nix 
@@ -14,20 +14,20 @@ in
 ];
 age.secrets = {
- motiejus-server-passwd-hash.file = ./secrets/motiejus_server_passwd_hash.age;
- root-server-passwd-hash.file = ./secrets/root_server_passwd_hash.age;
- sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
- headscale-client-oidc.file = ./secrets/headscale/oidc_client_secret2.age;
- borgbackup-password.file = ./secrets/fwminex/borgbackup-password.age;
- grafana-oidc.file = ./secrets/grafana.jakstys.lt/oidc.age;
- letsencrypt-account-key.file = ./secrets/letsencrypt/account.key.age;
- vaultwarden-secrets-env.file = ./secrets/vaultwarden/secrets.env.age;
- photoprism-admin-passwd.file = ./secrets/photoprism/admin_password.age;
- synapse-jakstys-signing-key.file = ./secrets/synapse/jakstys_lt_signing_key.age;
- synapse-registration-shared-secret.file = ./secrets/synapse/registration_shared_secret.age;
- synapse-macaroon-secret-key.file = ./secrets/synapse/macaroon_secret_key.age;
- syncthing-key.file = ./secrets/fwminex/syncthing/key.pem.age;
- syncthing-cert.file = ./secrets/fwminex/syncthing/cert.pem.age;
+ motiejus-server-passwd-hash.file = ../../secrets/motiejus_server_passwd_hash.age;
+ root-server-passwd-hash.file = ../../secrets/root_server_passwd_hash.age;
+ sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
+ headscale-client-oidc.file = ../../secrets/headscale/oidc_client_secret2.age;
+ borgbackup-password.file = ../../secrets/fwminex/borgbackup-password.age;
+ grafana-oidc.file = ../../secrets/grafana.jakstys.lt/oidc.age;
+ letsencrypt-account-key.file = ../../secrets/letsencrypt/account.key.age;
+ vaultwarden-secrets-env.file = ../../secrets/vaultwarden/secrets.env.age;
+ photoprism-admin-passwd.file = ../../secrets/photoprism/admin_password.age;
+ synapse-jakstys-signing-key.file = ../../secrets/synapse/jakstys_lt_signing_key.age;
+ synapse-registration-shared-secret.file = ../../secrets/synapse/registration_shared_secret.age;
+ synapse-macaroon-secret-key.file = ../../secrets/synapse/macaroon_secret_key.age;
+ syncthing-key.file = ../../secrets/fwminex/syncthing/key.pem.age;
+ syncthing-cert.file = ../../secrets/fwminex/syncthing/cert.pem.age;
 ssh8022-server = {
 file = ../../secrets/ssh8022.age;
diff --git a/hosts/mtworx/configuration.nix b/hosts/mtworx/configuration.nix
index 52baca8..3834fc5 100644
--- a/hosts/mtworx/configuration.nix
+++ b/hosts/mtworx/configuration.nix
@@ -17,12 +17,12 @@ in
 ];
 age.secrets = {
- motiejus-work-passwd-hash.file = ./secrets/motiejus_work_passwd_hash.age;
- root-work-passwd-hash.file = ./secrets/root_work_passwd_hash.age;
- sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
+ motiejus-work-passwd-hash.file = ../../secrets/motiejus_work_passwd_hash.age;
+ root-work-passwd-hash.file = ../../secrets/root_work_passwd_hash.age;
+ sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
- syncthing-key.file = ./secrets/mtworx/syncthing/key.pem.age;
- syncthing-cert.file = ./secrets/mtworx/syncthing/cert.pem.age;
+ syncthing-key.file = ../../secrets/mtworx/syncthing/key.pem.age;
+ syncthing-cert.file = ../../secrets/mtworx/syncthing/cert.pem.age;
 ssh8022-client = {
 file = ../../secrets/ssh8022.age;
diff --git a/hosts/vno1-gdrx/configuration.nix b/hosts/vno1-gdrx/configuration.nix
index 2f80e64..6abed5f 100644
--- a/hosts/vno1-gdrx/configuration.nix
+++ b/hosts/vno1-gdrx/configuration.nix
@@ -11,12 +11,12 @@ in
 ];
 age.secrets = {
- motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
- root-passwd-hash.file = ./secrets/root_passwd_hash.age;
- sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
- borgbackup-fwminex.file = ./secrets/fwminex/borgbackup-password.age;
- syncthing-key.file = ./secrets/vno1-gdrx/syncthing/key.pem.age;
- syncthing-cert.file = ./secrets/vno1-gdrx/syncthing/cert.pem.age;
+ motiejus-passwd-hash.file = ../../secrets/motiejus_passwd_hash.age;
+ root-passwd-hash.file = ../../secrets/root_passwd_hash.age;
+ sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
+ borgbackup-fwminex.file = ../../secrets/fwminex/borgbackup-password.age;
+ syncthing-key.file = ../../secrets/vno1-gdrx/syncthing/key.pem.age;
+ syncthing-cert.file = ../../secrets/vno1-gdrx/syncthing/cert.pem.age;
 ssh8022-client = {
 file = ../../secrets/ssh8022.age;
diff --git a/hosts/vno3-rp3b/configuration.nix b/hosts/vno3-rp3b/configuration.nix
index 09f2ba6..a2adf27 100644
--- a/hosts/vno3-rp3b/configuration.nix
+++ b/hosts/vno3-rp3b/configuration.nix
@@ -10,6 +10,14 @@ {
 imports = [ ../../modules/profiles/sdcard ];
+ age.secrets = {
+ motiejus-passwd-hash.file = ../../secrets/motiejus_passwd_hash.age;
+ root-passwd-hash.file = ../../secrets/root_passwd_hash.age;
+ sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
+
+ datapool-passphrase.file = ../../secrets/vno3-rp3b/datapool-passphrase.age;
+ };
+
 boot = {
 initrd = {
 availableKernelModules = [ "usbhid" ];
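Review bot: In hosts/vno1-gdrx/configuration.nix `borgbackup-fwminex` points at `../../secrets/fwminex/borgbackup-password.age`, the file fwminex itself declares as `borgbackup-password`, and nothing here documents why a second host needs it. If vno1-gdrx also holds the repository those backups go to, keeping the passphrase next to it would remove what repository encryption protects against on the storage side; the diff does not show whether that is the case. A comment above the entry would settle it, for example `# passphrase of fwminex's borg repository; needed on this host for <purpose>`.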
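Review bot: In hosts/vno3-rp3b/configuration.nix the added `age.secrets` block has no comment saying that `motiejus-passwd-hash`, `root-passwd-hash` and `sasl-passwd` are the same files fra1-b and vno1-gdrx declare (`sasl-passwd` appears in all five host files). Those files must stay decryptable by every host that lists them, so the loss of one host key, this `sdcard`-profile machine included, exposes the shared value for all of them; the recipient rules are not in this diff, so who can decrypt what cannot be confirmed from here. A comment above the block would record that, for example `# shared with fra1-b and vno1-gdrx (sasl-passwd: every host); rotate on all of them if one host key leaks`. fwminex and mtworx already use separate `*-server-*` and `*-work-*` password hashes, which looks like the pattern to follow if this host should not share the others' hashes.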