dotfiles/common/secrets/default.nix

{
  config,
  ragenix,
  lib,
  pkgs,
  ...
}:

let
  ccfg = import ../config.nix;
  cfg_path = [
    ccfg.custom_config_key
    "secrets"
  ];
  cfg = lib.attrsets.getAttrFromPath cfg_path config;
  users_cfg = config.${ccfg.custom_config_key}.users;
in
# TODO auto import secret files here
# secretsFile = (settings.secretsDir + /secrets.nix);
{
  options =
    { }
    // lib.attrsets.setAttrByPath cfg_path {
      enable = lib.mkEnableOption "secrets";
    };
  config = lib.mkIf cfg.enable {
    environment.systemPackages = [
      ragenix.packages.${pkgs.system}.default
      pkgs.rage
    ];

    age = {
      secrets =
        # builtins.mapAttrs
        #   (name: _value: lib.nameValuePair (lib.removeSuffix ".age" name) {
        #     file = (settings.secretsDir + "/${name}");
        #     owner = lib.mkDefault users_cfg.primary;
        #   })
        #   (import secretsFile);
        {
          nix2github = {
            file = ./secrets/nix2github.age;
            owner = users_cfg.primary;
          };
          nix2bitbucket = {
            file = ./secrets/nix2bitbucket.age;
            owner = users_cfg.primary;
          };
          nix2gitjosh = {
            file = ./secrets/nix2gitjosh.age;
            owner = users_cfg.primary;
          };
          nix2gitforgejo = {
            file = ./secrets/nix2gitforgejo.age;
            owner = users_cfg.primary;
          };
          nix2h001 = {
            file = ./secrets/nix2h001.age;
            owner = users_cfg.primary;
          };
          nix2h002 = {
            file = ./secrets/nix2h002.age;
            owner = users_cfg.primary;
          };
          nix2joe = {
            file = ./secrets/nix2joe.age;
            owner = users_cfg.primary;
          };
          nix2gpdPocket3 = {
            file = ./secrets/nix2gpdPocket3.age;
            owner = users_cfg.primary;
          };
          nix2t = {
            file = ./secrets/nix2t.age;
            owner = users_cfg.primary;
          };
          nix2linode = {
            file = ./secrets/nix2linode.age;
            owner = users_cfg.primary;
          };
          nix2oracle = {
            file = ./secrets/nix2oracle.age;
            owner = users_cfg.primary;
          };
          nix2l002 = {
            file = ./secrets/nix2l002.age;
            owner = users_cfg.primary;
          };
          nix2lio = {
            file = ./secrets/nix2lio.age;
            owner = users_cfg.primary;
          };
          nix2oren = {
            file = ./secrets/nix2oren.age;
            owner = users_cfg.primary;
          };
          github_read_token = {
            file = ./secrets/github_read_token.age;
            owner = users_cfg.primary;
          };
          headscale_auth = {
            file = ./secrets/headscale_auth.age;
            owner = users_cfg.primary;
          };
        };
    };
  };
}