finish/fix moving age.secrets

flake.nix

@@ -187,21 +187,9 @@
           modules = [
             { nixpkgs.overlays = overlays; }
             ./hosts/vno3-rp3b/configuration.nix
-
             ./modules
-
             agenix.nixosModules.default
             home-manager.nixosModules.home-manager
-
-            {
-              age.secrets = {
-                motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
-                root-passwd-hash.file = ./secrets/root_passwd_hash.age;
-                sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
-
-                datapool-passphrase.file = ./secrets/vno3-rp3b/datapool-passphrase.age;
-              };
-            }
           ];
 
           specialArgs = {

hosts/fra1-b/configuration.nix

@@ -11,9 +11,9 @@ in
   imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
   age.secrets = {
-    motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
+    motiejus-passwd-hash.file = ../../secrets/motiejus_passwd_hash.age;
-    root-passwd-hash.file = ./secrets/root_passwd_hash.age;
+    root-passwd-hash.file = ../../secrets/root_passwd_hash.age;
-    sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
+    sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
     ssh8022-server = {
       file = ../../secrets/ssh8022.age;
       owner = "spiped";

hosts/fwminex/configuration.nix

@@ -14,20 +14,20 @@ in
   ];
 
   age.secrets = {
-    motiejus-server-passwd-hash.file = ./secrets/motiejus_server_passwd_hash.age;
+    motiejus-server-passwd-hash.file = ../../secrets/motiejus_server_passwd_hash.age;
-    root-server-passwd-hash.file = ./secrets/root_server_passwd_hash.age;
+    root-server-passwd-hash.file = ../../secrets/root_server_passwd_hash.age;
-    sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
+    sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
-    headscale-client-oidc.file = ./secrets/headscale/oidc_client_secret2.age;
+    headscale-client-oidc.file = ../../secrets/headscale/oidc_client_secret2.age;
-    borgbackup-password.file = ./secrets/fwminex/borgbackup-password.age;
+    borgbackup-password.file = ../../secrets/fwminex/borgbackup-password.age;
-    grafana-oidc.file = ./secrets/grafana.jakstys.lt/oidc.age;
+    grafana-oidc.file = ../../secrets/grafana.jakstys.lt/oidc.age;
-    letsencrypt-account-key.file = ./secrets/letsencrypt/account.key.age;
+    letsencrypt-account-key.file = ../../secrets/letsencrypt/account.key.age;
-    vaultwarden-secrets-env.file = ./secrets/vaultwarden/secrets.env.age;
+    vaultwarden-secrets-env.file = ../../secrets/vaultwarden/secrets.env.age;
-    photoprism-admin-passwd.file = ./secrets/photoprism/admin_password.age;
+    photoprism-admin-passwd.file = ../../secrets/photoprism/admin_password.age;
-    synapse-jakstys-signing-key.file = ./secrets/synapse/jakstys_lt_signing_key.age;
+    synapse-jakstys-signing-key.file = ../../secrets/synapse/jakstys_lt_signing_key.age;
-    synapse-registration-shared-secret.file = ./secrets/synapse/registration_shared_secret.age;
+    synapse-registration-shared-secret.file = ../../secrets/synapse/registration_shared_secret.age;
-    synapse-macaroon-secret-key.file = ./secrets/synapse/macaroon_secret_key.age;
+    synapse-macaroon-secret-key.file = ../../secrets/synapse/macaroon_secret_key.age;
-    syncthing-key.file = ./secrets/fwminex/syncthing/key.pem.age;
+    syncthing-key.file = ../../secrets/fwminex/syncthing/key.pem.age;
-    syncthing-cert.file = ./secrets/fwminex/syncthing/cert.pem.age;
+    syncthing-cert.file = ../../secrets/fwminex/syncthing/cert.pem.age;
 
     ssh8022-server = {
       file = ../../secrets/ssh8022.age;

hosts/mtworx/configuration.nix

@@ -17,12 +17,12 @@ in
   ];
 
   age.secrets = {
-    motiejus-work-passwd-hash.file = ./secrets/motiejus_work_passwd_hash.age;
+    motiejus-work-passwd-hash.file = ../../secrets/motiejus_work_passwd_hash.age;
-    root-work-passwd-hash.file = ./secrets/root_work_passwd_hash.age;
+    root-work-passwd-hash.file = ../../secrets/root_work_passwd_hash.age;
-    sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
+    sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
 
-    syncthing-key.file = ./secrets/mtworx/syncthing/key.pem.age;
+    syncthing-key.file = ../../secrets/mtworx/syncthing/key.pem.age;
-    syncthing-cert.file = ./secrets/mtworx/syncthing/cert.pem.age;
+    syncthing-cert.file = ../../secrets/mtworx/syncthing/cert.pem.age;
 
     ssh8022-client = {
       file = ../../secrets/ssh8022.age;

hosts/vno1-gdrx/configuration.nix

@@ -11,12 +11,12 @@ in
   ];
 
   age.secrets = {
-    motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
+    motiejus-passwd-hash.file = ../../secrets/motiejus_passwd_hash.age;
-    root-passwd-hash.file = ./secrets/root_passwd_hash.age;
+    root-passwd-hash.file = ../../secrets/root_passwd_hash.age;
-    sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
+    sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
-    borgbackup-fwminex.file = ./secrets/fwminex/borgbackup-password.age;
+    borgbackup-fwminex.file = ../../secrets/fwminex/borgbackup-password.age;
-    syncthing-key.file = ./secrets/vno1-gdrx/syncthing/key.pem.age;
+    syncthing-key.file = ../../secrets/vno1-gdrx/syncthing/key.pem.age;
-    syncthing-cert.file = ./secrets/vno1-gdrx/syncthing/cert.pem.age;
+    syncthing-cert.file = ../../secrets/vno1-gdrx/syncthing/cert.pem.age;
 
     ssh8022-client = {
       file = ../../secrets/ssh8022.age;

hosts/vno3-rp3b/configuration.nix

@@ -10,6 +10,14 @@
 {
   imports = [ ../../modules/profiles/sdcard ];
 
+  age.secrets = {
+    motiejus-passwd-hash.file = ../../secrets/motiejus_passwd_hash.age;
+    root-passwd-hash.file = ../../secrets/root_passwd_hash.age;
+    sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
+
+    datapool-passphrase.file = ../../secrets/vno3-rp3b/datapool-passphrase.age;
+  };
+
   boot = {
     initrd = {
       availableKernelModules = [ "usbhid" ];