From d0e5ae23a3855850cbd640756e62278be23d64f6 Mon Sep 17 00:00:00 2001
From: Aly Raffauf <aly@raffauflabs.com>
Date: Mon, 22 Jul 2024 19:56:56 -0400
Subject: [PATCH] hosts: add secrets.nix

---
 hosts/fallarbor/default.nix |  6 +-----
 hosts/fallarbor/secrets.nix |  6 ++++++
 hosts/lavaridge/default.nix |  6 +-----
 hosts/lavaridge/secrets.nix |  6 ++++++
 hosts/mauville/default.nix  | 30 +-----------------------------
 hosts/mauville/secrets.nix  | 29 +++++++++++++++++++++++++++++
 hosts/petalburg/default.nix |  8 +-------
 hosts/petalburg/secrets.nix |  6 ++++++
 hosts/rustboro/default.nix  |  6 +-----
 hosts/rustboro/secrets.nix  |  6 ++++++
 10 files changed, 58 insertions(+), 51 deletions(-)
 create mode 100644 hosts/fallarbor/secrets.nix
 create mode 100644 hosts/lavaridge/secrets.nix
 create mode 100644 hosts/mauville/secrets.nix
 create mode 100644 hosts/petalburg/secrets.nix
 create mode 100644 hosts/rustboro/secrets.nix

diff --git a/hosts/fallarbor/default.nix b/hosts/fallarbor/default.nix
index 2f30de15..7cac8ced 100644
--- a/hosts/fallarbor/default.nix
+++ b/hosts/fallarbor/default.nix
@@ -8,14 +8,10 @@
     ../common
     ./disko.nix
     ./home.nix
+    ./secrets.nix
     self.inputs.nixhw.nixosModules.framework-13-intel-11th
   ];
 
-  age.secrets = {
-    syncthingCert.file = ../../secrets/syncthing/fallarbor/cert.age;
-    syncthingKey.file = ../../secrets/syncthing/fallarbor/key.age;
-  };
-
   boot.loader = {
     efi.canTouchEfiVariables = true;
     systemd-boot.enable = true;
diff --git a/hosts/fallarbor/secrets.nix b/hosts/fallarbor/secrets.nix
new file mode 100644
index 00000000..40854dcd
--- /dev/null
+++ b/hosts/fallarbor/secrets.nix
@@ -0,0 +1,6 @@
+{
+  age.secrets = {
+    syncthingCert.file = ../../secrets/syncthing/fallarbor/cert.age;
+    syncthingKey.file = ../../secrets/syncthing/fallarbor/key.age;
+  };
+}
diff --git a/hosts/lavaridge/default.nix b/hosts/lavaridge/default.nix
index c3a98b1d..e202004b 100644
--- a/hosts/lavaridge/default.nix
+++ b/hosts/lavaridge/default.nix
@@ -8,14 +8,10 @@
     ../common
     ./disko.nix
     ./home.nix
+    ./secrets.nix
     self.inputs.nixhw.nixosModules.framework-13-amd-7000
   ];
 
-  age.secrets = {
-    syncthingCert.file = ../../secrets/syncthing/lavaridge/cert.age;
-    syncthingKey.file = ../../secrets/syncthing/lavaridge/key.age;
-  };
-
   boot.loader = {
     efi.canTouchEfiVariables = true;
     systemd-boot.enable = true;
diff --git a/hosts/lavaridge/secrets.nix b/hosts/lavaridge/secrets.nix
new file mode 100644
index 00000000..bcf37926
--- /dev/null
+++ b/hosts/lavaridge/secrets.nix
@@ -0,0 +1,6 @@
+{
+  age.secrets = {
+    syncthingCert.file = ../../secrets/syncthing/lavaridge/cert.age;
+    syncthingKey.file = ../../secrets/syncthing/lavaridge/key.age;
+  };
+}
diff --git a/hosts/mauville/default.nix b/hosts/mauville/default.nix
index b3d4def9..50731575 100644
--- a/hosts/mauville/default.nix
+++ b/hosts/mauville/default.nix
@@ -14,6 +14,7 @@ in {
     ../common
     ./disko.nix
     ./home.nix
+    ./secrets.nix
     self.inputs.nixhw.nixosModules.common-amd-cpu
     self.inputs.nixhw.nixosModules.common-amd-gpu
     self.inputs.nixhw.nixosModules.common-bluetooth
@@ -21,35 +22,6 @@ in {
     self.inputs.raffauflabs.nixosModules.raffauflabs
   ];
 
-  age.secrets = {
-    cloudflare.file = ../../secrets/cloudflare.age;
-
-    lastfmId = {
-      owner = "navidrome";
-      file = ../../secrets/lastFM/apiKey.age;
-    };
-
-    lastfmSecret = {
-      owner = "navidrome";
-      file = ../../secrets/lastFM/secret.age;
-    };
-
-    spotifyId = {
-      owner = "navidrome";
-      file = ../../secrets/spotify/clientId.age;
-    };
-
-    spotifySecret = {
-      owner = "navidrome";
-      file = ../../secrets/spotify/clientSecret.age;
-    };
-
-    syncthingCert.file = ../../secrets/syncthing/mauville/cert.age;
-    syncthingKey.file = ../../secrets/syncthing/mauville/key.age;
-
-    transmission.file = ../../secrets/transmission.age;
-  };
-
   boot = {
     initrd = {
       availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "r8169"];
diff --git a/hosts/mauville/secrets.nix b/hosts/mauville/secrets.nix
new file mode 100644
index 00000000..9fa3a396
--- /dev/null
+++ b/hosts/mauville/secrets.nix
@@ -0,0 +1,29 @@
+{
+  age.secrets = {
+    cloudflare.file = ../../secrets/cloudflare.age;
+
+    lastfmId = {
+      owner = "navidrome";
+      file = ../../secrets/lastFM/apiKey.age;
+    };
+
+    lastfmSecret = {
+      owner = "navidrome";
+      file = ../../secrets/lastFM/secret.age;
+    };
+
+    spotifyId = {
+      owner = "navidrome";
+      file = ../../secrets/spotify/clientId.age;
+    };
+
+    spotifySecret = {
+      owner = "navidrome";
+      file = ../../secrets/spotify/clientSecret.age;
+    };
+
+    syncthingCert.file = ../../secrets/syncthing/mauville/cert.age;
+    syncthingKey.file = ../../secrets/syncthing/mauville/key.age;
+    transmission.file = ../../secrets/transmission.age;
+  };
+}
diff --git a/hosts/petalburg/default.nix b/hosts/petalburg/default.nix
index 8948d5ec..08336b36 100644
--- a/hosts/petalburg/default.nix
+++ b/hosts/petalburg/default.nix
@@ -1,8 +1,6 @@
 # Lenovo Yoga 9i Convertible with Intel Core i7-1360P, 16GB RAM, 512GB SSD.
 {
   config,
-  lib,
-  pkgs,
   self,
   ...
 }: {
@@ -10,14 +8,10 @@
     ../common
     ./disko.nix
     ./home.nix
+    ./secrets.nix
     self.inputs.nixhw.nixosModules.lenovo-yoga-9i-intel-13th
   ];
 
-  age.secrets = {
-    syncthingCert.file = ../../secrets/syncthing/petalburg/cert.age;
-    syncthingKey.file = ../../secrets/syncthing/petalburg/key.age;
-  };
-
   boot.loader = {
     efi.canTouchEfiVariables = true;
     systemd-boot.enable = true;
diff --git a/hosts/petalburg/secrets.nix b/hosts/petalburg/secrets.nix
new file mode 100644
index 00000000..749f6183
--- /dev/null
+++ b/hosts/petalburg/secrets.nix
@@ -0,0 +1,6 @@
+{
+  age.secrets = {
+    syncthingCert.file = ../../secrets/syncthing/petalburg/cert.age;
+    syncthingKey.file = ../../secrets/syncthing/petalburg/key.age;
+  };
+}
diff --git a/hosts/rustboro/default.nix b/hosts/rustboro/default.nix
index 4423278e..d1cf12e5 100644
--- a/hosts/rustboro/default.nix
+++ b/hosts/rustboro/default.nix
@@ -8,14 +8,10 @@
     ../common
     ./disko.nix
     ./home.nix
+    ./secrets.nix
     self.inputs.nixhw.nixosModules.thinkpad-t440p
   ];
 
-  age.secrets = {
-    syncthingCert.file = ../../secrets/syncthing/rustboro/cert.age;
-    syncthingKey.file = ../../secrets/syncthing/rustboro/key.age;
-  };
-
   boot.loader = {
     efi.canTouchEfiVariables = true;
     systemd-boot.enable = true;
diff --git a/hosts/rustboro/secrets.nix b/hosts/rustboro/secrets.nix
new file mode 100644
index 00000000..41c8519d
--- /dev/null
+++ b/hosts/rustboro/secrets.nix
@@ -0,0 +1,6 @@
+{
+  age.secrets = {
+    syncthingCert.file = ../../secrets/syncthing/rustboro/cert.age;
+    syncthingKey.file = ../../secrets/syncthing/rustboro/key.age;
+  };
+}