refactor: sops-nix

2025-07-22 17:32:34 +08:00
parent 3263d72b59
commit 8ca0a6cc0f
12 changed files with 38 additions and 33 deletions
--- a/config/hosts/imxyy-nix-server/build.nix
+++ b/config/hosts/imxyy-nix-server/build.nix
@@ -1,12 +1,12 @@
 {
  config,
  pkgs,
-  sopsRoot,
+  secrets,
  ...
 }:
 {
  sops.secrets.et-imxyy-nix-server-nixremote = {
-    sopsFile = sopsRoot + /et-imxyy-nix-server-nixremote.toml;
+    sopsFile = secrets.et-imxyy-nix-server-nixremote;
    format = "binary";
  };
  environment.systemPackages = [ pkgs.easytier ];
--- a/config/hosts/imxyy-nix-server/minio.nix
+++ b/config/hosts/imxyy-nix-server/minio.nix
@@ -1,7 +1,7 @@
-{ config, sopsRoot, ... }:
+{ config, secrets, ... }:
 {
  sops.secrets.minio-env = {
-    sopsFile = sopsRoot + /minio.env;
+    sopsFile = secrets.minio;
    format = "dotenv";
  };
  services.minio = {
--- a/config/hosts/imxyy-nix-server/net.nix
+++ b/config/hosts/imxyy-nix-server/net.nix
@@ -3,7 +3,7 @@
  lib,
  pkgs,
  username,
-  sopsRoot,
+  secrets,
  ...
 }:
 {
@@ -143,7 +143,7 @@
  ];

  sops.secrets.dae-imxyy-nix-server = {
-    sopsFile = sopsRoot + /dae-imxyy-nix-server.dae;
+    sopsFile = secrets.dae-imxyy-nix-server;
    format = "binary";
  };
  services.dae = {
@@ -152,7 +152,7 @@
  };
  systemd.services.dae.after = [ "sops-nix.service" ];
  sops.secrets.mihomo = {
-    sopsFile = sopsRoot + /mihomo.yaml;
+    sopsFile = secrets.mihomo;
    format = "yaml";
    key = "";
  };
@@ -164,7 +164,7 @@
  };

  sops.secrets.frp-env = {
-    sopsFile = sopsRoot + /frp.env;
+    sopsFile = secrets.frp;
    format = "dotenv";
  };
  systemd.services.frp.serviceConfig.EnvironmentFile = [
@@ -475,7 +475,7 @@
  };

  sops.secrets.et-imxyy-nix-server = {
-    sopsFile = sopsRoot + /et-imxyy-nix-server.toml;
+    sopsFile = secrets.et-imxyy-nix-server;
    format = "binary";
  };
  environment.systemPackages = [ pkgs.easytier ];
--- a/config/hosts/imxyy-nix-server/nixos.nix
+++ b/config/hosts/imxyy-nix-server/nixos.nix
@@ -2,7 +2,7 @@
  lib,
  config,
  username,
-  sopsRoot,
+  secrets,
  ...
 }:
 {
@@ -23,7 +23,7 @@
  environment.variables.NIX_REMOTE = "daemon";

  sops.secrets.imxyy-nix-server-hashed-password = {
-    sopsFile = sopsRoot + /imxyy-nix-server-hashed-password.txt;
+    sopsFile = secrets.imxyy-nix-server-hashed-password;
    format = "binary";
    neededForUsers = true;
  };
--- a/config/hosts/imxyy-nix-server/note.nix
+++ b/config/hosts/imxyy-nix-server/note.nix
@@ -1,16 +1,16 @@
 {
  config,
-  sopsRoot,
+  secrets,
  ...
 }:
 {
  sops.secrets = {
    flatnote-env = {
-      sopsFile = sopsRoot + /flatnote.env;
+      sopsFile = secrets.flatnote;
      format = "dotenv";
    };
    siyuan-env = {
-      sopsFile = sopsRoot + /siyuan.env;
+      sopsFile = secrets.siyuan;
      format = "dotenv";
    };
  };
--- a/config/hosts/imxyy-nix-server/vault.nix
+++ b/config/hosts/imxyy-nix-server/vault.nix
@@ -1,7 +1,7 @@
-{ config, sopsRoot, ... }:
+{ config, secrets, ... }:
 {
  sops.secrets.vaultwarden-env = {
-    sopsFile = sopsRoot + /vaultwarden.env;
+    sopsFile = secrets.vaultwarden;
    format = "dotenv";
  };
  services.postgresql.ensureUsers = [