Refactored secrets (each host has their own)

README.org

@@ -2,7 +2,7 @@
 ** [[file:docs/install.org][Installing]]
 ** Rebuilding
 #+BEGIN_SRC bash
-sudo nixos-rebuild switch --impure --flake '.#reykjavik'
+sudo nixos-rebuild switch --impure --flake ".#${HOST}"
 #+END_SRC
 ** Modules
 *** Desktop environment

hosts/reykjavik/secrets.nix

@@ -0,0 +1,30 @@
+{ ... }:
+
+{
+  age.secrets = {
+    # Consul -------------------------------
+    "consul.d/gossip.json" = {
+      file = ../secrets/consul.d/gossip.json.age;
+      owner = "consul";
+      group = "consul";
+      mode = "644";
+    };
+    "consul.d/consul-agent-ca.pem" = {
+      file = ../secrets/consul.d/consul-agent-ca.pem.age;
+      owner = "consul";
+      group = "consul";
+      mode = "644";
+    };
+    "consul.d/agent-token-reykjavik.json" = {
+      file = ../secrets/consul.d/agent-token-reykjavik.json.age;
+      owner = "consul";
+      group = "consul";
+      mode = "644";
+    };
+    # Nomad -------------------------------
+    "nomad.d/consul-token.json" = {
+      file = ../secrets/nomad.d/consul-token.json.age;
+      mode = "644";
+    };
+  };
+}

hosts/thingvellir/secrets.nix

@@ -0,0 +1,30 @@
+{ ... }:
+
+{
+  age.secrets = {
+    # Consul -------------------------------
+    "consul.d/gossip.json" = {
+      file = ../secrets/consul.d/gossip.json.age;
+      owner = "consul";
+      group = "consul";
+      mode = "644";
+    };
+    "consul.d/consul-agent-ca.pem" = {
+      file = ../secrets/consul.d/consul-agent-ca.pem.age;
+      owner = "consul";
+      group = "consul";
+      mode = "644";
+    };
+    "consul.d/agent-token-thingvellir.json" = {
+      file = ../secrets/consul.d/agent-token-thingvellir.json.age;
+      owner = "consul";
+      group = "consul";
+      mode = "644";
+    };
+    # Nomad -------------------------------
+    "nomad.d/consul-token.json" = {
+      file = ../secrets/nomad.d/consul-token.json.age;
+      mode = "644";
+    };
+  };
+}

modules/secrets.nix

@@ -1,45 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  consulCfg = config.samfelag.modules.server.consul;
-  nomadCfg = config.samfelag.modules.server.nomad;
-in
-{
-  config = {
-    age.secrets = {
-    } //
-    # Consul -------------------------------
-    lib.optionalAttrs consulCfg.enable {
-      "consul.d/gossip.json" = {
-        file = ../secrets/consul.d/gossip.json.age;
-        owner = "consul";
-        group = "consul";
-        mode = "644";
-      };
-      "consul.d/consul-agent-ca.pem" = {
-        file = ../secrets/consul.d/consul-agent-ca.pem.age;
-        owner = "consul";
-        group = "consul";
-        mode = "644";
-      };
-      "consul.d/agent-token-reykjavik.json" = {
-        file = ../secrets/consul.d/agent-token-reykjavik.json.age;
-        owner = "consul";
-        group = "consul";
-        mode = "644";
-      };
-      "consul.d/agent-token-thingvellir.json" = {
-        file = ../secrets/consul.d/agent-token-thingvellir.json.age;
-        owner = "consul";
-        group = "consul";
-        mode = "644";
-      };
-    } //
-    # Nomad -------------------------------
-    lib.optionalAttrs nomadCfg.enable {
-      "nomad.d/consul-token.json" = {
-        file = ../secrets/nomad.d/consul-token.json.age;
-        mode = "644";
-      };
-    };
-  };
-}