From 6f5e592d8cbe8e4c7a8d381ab4666564e927c1fe Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Mon, 28 Jul 2025 11:06:32 -0500 Subject: [PATCH] cleanup --- checks/pre-commit-hooks/default.nix | 4 +- .../mattjallen@macbook-pro/default.nix | 6 --- homes/aarch64-linux/matt@pi4/default.nix | 6 --- modules/home/programs/btop/default.nix | 2 +- modules/home/programs/kitty/default.nix | 2 +- modules/home/programs/kitty/options.nix | 4 +- modules/home/programs/mako/default.nix | 2 +- modules/home/programs/nwg-dock/default.nix | 2 +- modules/home/programs/nwg-drawer/default.nix | 2 +- modules/home/programs/waybar/default.nix | 2 +- modules/home/programs/wlogout/default.nix | 2 +- modules/home/programs/wofi/default.nix | 2 +- modules/nixos/homeassistant/default.nix | 1 + modules/nixos/sops/default.nix | 14 +++--- packages/ha-openhasp/default.nix | 30 +++++++++++++ systems/aarch64-linux/pi4/sops.nix | 12 +++--- systems/aarch64-linux/pi5/sops.nix | 10 +++-- .../specialisations/hyprland/default.nix | 43 ------------------- .../specialisations/hyprland/home/default.nix | 6 +-- systems/x86_64-linux/nas/sops.nix | 24 ++++++----- systems/x86_64-linux/nuc/default.nix | 3 -- systems/x86_64-linux/nuc/sops.nix | 22 ++++++---- 22 files changed, 95 insertions(+), 106 deletions(-) create mode 100644 packages/ha-openhasp/default.nix diff --git a/checks/pre-commit-hooks/default.nix b/checks/pre-commit-hooks/default.nix index 94f3878..04ec843 100644 --- a/checks/pre-commit-hooks/default.nix +++ b/checks/pre-commit-hooks/default.nix @@ -14,7 +14,9 @@ pre-commit-hooks-nix.lib.${pkgs.system}.run { treefmt = { enable = lib.mkForce true; settings.fail-on-change = lib.mkForce false; - packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs ../../treefmt.nix; + packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs ( + lib.snowfall.fs.get-file "treefmt.nix" + ); }; }; } diff --git a/homes/aarch64-darwin/mattjallen@macbook-pro/default.nix b/homes/aarch64-darwin/mattjallen@macbook-pro/default.nix index 2f49d43..ebe2dfc 100755 --- a/homes/aarch64-darwin/mattjallen@macbook-pro/default.nix +++ b/homes/aarch64-darwin/mattjallen@macbook-pro/default.nix @@ -22,12 +22,6 @@ let ]; in { - # imports = [ - # ../../modules/home/defaults.nix - # ../../modules/home/git.nix - # ../../modules/home/shell.nix - # ../../modules/home/vscode.nix - # ]; # Home Manager needs a bit of information about you and the # paths it should manage. home = { diff --git a/homes/aarch64-linux/matt@pi4/default.nix b/homes/aarch64-linux/matt@pi4/default.nix index d888111..943d5e3 100755 --- a/homes/aarch64-linux/matt@pi4/default.nix +++ b/homes/aarch64-linux/matt@pi4/default.nix @@ -11,12 +11,6 @@ let }; in { - imports = [ - ../../../modules/home/home - ../../../modules/home/programs/git - ../../../modules/home/programs/zsh - ]; - home.username = "matt"; sops = { diff --git a/modules/home/programs/btop/default.nix b/modules/home/programs/btop/default.nix index 1842b14..f2104c1 100755 --- a/modules/home/programs/btop/default.nix +++ b/modules/home/programs/btop/default.nix @@ -2,7 +2,7 @@ with lib; let cfg = config.mjallen.programs.btop; - nord = import ../../desktop/theme/nord.nix; + nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix"); in { imports = [ ./options.nix ]; diff --git a/modules/home/programs/kitty/default.nix b/modules/home/programs/kitty/default.nix index 0a7f126..c0d13d3 100755 --- a/modules/home/programs/kitty/default.nix +++ b/modules/home/programs/kitty/default.nix @@ -2,7 +2,7 @@ with lib; let cfg = config.mjallen.programs.kitty; - nord = import ../../desktop/theme/nord.nix; + nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix"); in { imports = [ ./options.nix ]; diff --git a/modules/home/programs/kitty/options.nix b/modules/home/programs/kitty/options.nix index 0759e52..8243b36 100644 --- a/modules/home/programs/kitty/options.nix +++ b/modules/home/programs/kitty/options.nix @@ -15,13 +15,13 @@ with lib; }; size = mkOption { type = with types; int; - default = 8; + default = 12; }; }; theme = mkOption { type = types.attrs; - default = import ../../desktop/theme/nord.nix; + default = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix"); }; }; } diff --git a/modules/home/programs/mako/default.nix b/modules/home/programs/mako/default.nix index 7aa1b30..df14f96 100755 --- a/modules/home/programs/mako/default.nix +++ b/modules/home/programs/mako/default.nix @@ -2,7 +2,7 @@ with lib; let cfg = config.mjallen.programs.mako; - nord = import ../../desktop/theme/nord.nix; + nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix"); in { imports = [ ./options.nix ]; diff --git a/modules/home/programs/nwg-dock/default.nix b/modules/home/programs/nwg-dock/default.nix index 2e67342..7de746d 100644 --- a/modules/home/programs/nwg-dock/default.nix +++ b/modules/home/programs/nwg-dock/default.nix @@ -7,7 +7,7 @@ with lib; let cfg = config.mjallen.programs.nwg-dock; - nord = import ../../desktop/theme/nord.nix; + nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix"); in { imports = [ ./options.nix ]; diff --git a/modules/home/programs/nwg-drawer/default.nix b/modules/home/programs/nwg-drawer/default.nix index d57252b..221a2fd 100644 --- a/modules/home/programs/nwg-drawer/default.nix +++ b/modules/home/programs/nwg-drawer/default.nix @@ -7,7 +7,7 @@ with lib; let cfg = config.mjallen.programs.nwg-drawer; - nord = import ../../desktop/theme/nord.nix; + nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix"); in { imports = [ ./options.nix ]; diff --git a/modules/home/programs/waybar/default.nix b/modules/home/programs/waybar/default.nix index 08b6643..6e62c90 100755 --- a/modules/home/programs/waybar/default.nix +++ b/modules/home/programs/waybar/default.nix @@ -2,7 +2,7 @@ with lib; let cfg = config.mjallen.programs.waybar; - nord = import ../../desktop/theme/nord.nix; + nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix"); defaultOpacity = "opacity: 0.85;"; defaultBorderRadius = "border-radius: 1rem;"; diff --git a/modules/home/programs/wlogout/default.nix b/modules/home/programs/wlogout/default.nix index 5def23d..7fcd609 100644 --- a/modules/home/programs/wlogout/default.nix +++ b/modules/home/programs/wlogout/default.nix @@ -2,7 +2,7 @@ with lib; let cfg = config.mjallen.programs.wlogout; - nord = import ../../desktop/theme/nord.nix; + nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix"); in { imports = [ ./options.nix ]; diff --git a/modules/home/programs/wofi/default.nix b/modules/home/programs/wofi/default.nix index c87f7c1..954b4ef 100755 --- a/modules/home/programs/wofi/default.nix +++ b/modules/home/programs/wofi/default.nix @@ -2,7 +2,7 @@ with lib; let cfg = config.mjallen.programs.wofi; - nord = import ../../desktop/theme/nord.nix; + nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix"); in { imports = [ ./options.nix ]; diff --git a/modules/nixos/homeassistant/default.nix b/modules/nixos/homeassistant/default.nix index da09ed1..beb8980 100755 --- a/modules/nixos/homeassistant/default.nix +++ b/modules/nixos/homeassistant/default.nix @@ -93,6 +93,7 @@ in pkgs.${namespace}.ha-icloud3 pkgs.${namespace}.ha-mail-and-packages pkgs.${namespace}.ha-nanokvm + pkgs.${namespace}.ha-openhasp pkgs.${namespace}.ha-overseerr pkgs.${namespace}.ha-petlibro pkgs.${namespace}.ha-wyzeapi diff --git a/modules/nixos/sops/default.nix b/modules/nixos/sops/default.nix index c12c1dc..9bd827a 100644 --- a/modules/nixos/sops/default.nix +++ b/modules/nixos/sops/default.nix @@ -1,4 +1,8 @@ { lib, ... }: +let + defaultSops = (lib.snowfall.fs.get-file "secrets/pi4-secrets.yaml"); + # sharedSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml"); +in { # Permission modes are in octal representation (same as chmod), # the digits represent: user|group|others @@ -15,7 +19,7 @@ # Either the group id or group name representation of the secret group # It is recommended to get the group name from `config.users.users..group` to avoid misconfiguration sops = { - defaultSopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml"); + defaultSopsFile = defaultSops; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; # ------------------------------ @@ -28,27 +32,27 @@ # SSH keys # ------------------------------ # "ssh-keys-public/desktop-nixos" = { - # sopsFile = ../../secrets/secrets.yaml; + # sopsFile = sharedSops; # mode = "0644"; # owner = config.users.users."${user}".name; # group = config.users.users."${user}".group; # restartUnits = [ "sshd.service" ]; # }; # "ssh-keys-private/desktop-nixos" = { - # sopsFile = ../../secrets/secrets.yaml; + # sopsFile = sharedSops; # mode = "0600"; # owner = config.users.users."${user}".name; # group = config.users.users."${user}".group; # restartUnits = [ "sshd.service" ]; # }; # "ssh-keys-public/desktop-nixos-root" = { - # sopsFile = ../../secrets/secrets.yaml; + # sopsFile = sharedSops; # path = "/root/.ssh/id_ed25519.pub"; # mode = "0600"; # restartUnits = [ "sshd.service" ]; # }; # "ssh-keys-private/desktop-nixos-root" = { - # sopsFile = ../../secrets/secrets.yaml; + # sopsFile = sharedSops; # path = "/root/.ssh/id_ed25519"; # mode = "0600"; # restartUnits = [ "sshd.service" ]; diff --git a/packages/ha-openhasp/default.nix b/packages/ha-openhasp/default.nix new file mode 100644 index 0000000..c49096b --- /dev/null +++ b/packages/ha-openhasp/default.nix @@ -0,0 +1,30 @@ +{ + buildHomeAssistantComponent, + fetchFromGitHub, + # pkgs, + # namespace, + ... +}: +buildHomeAssistantComponent rec { + owner = "HASSwitchPlate"; + domain = "openHASP"; + version = "0.7.6"; + + src = fetchFromGitHub { + owner = owner; + repo = "openHASP-custom-component"; + rev = version; + hash = "sha256-UvUowCgfay9aRV+iC/AQ9vvJzhGZbH+/1kVjxPFBKcI="; + }; + + # propagatedBuildInputs = [ + # pkgs.${namespace}.pyoverseerr + # ]; + + meta = { + changelog = "https://github.com/HASSwitchPlate/openHASP-custom-component/releases/tag/${version}"; + description = "This custom component simplifies synchronization of objects on one or more openHASP"; + homepage = "https://github.com/HASSwitchPlate/openHASP-custom-component"; + maintainers = [ ]; + }; +} diff --git a/systems/aarch64-linux/pi4/sops.nix b/systems/aarch64-linux/pi4/sops.nix index 4021023..3933af8 100755 --- a/systems/aarch64-linux/pi4/sops.nix +++ b/systems/aarch64-linux/pi4/sops.nix @@ -1,10 +1,12 @@ { config, lib, ... }: let user = "matt"; + defaultSops = (lib.snowfall.fs.get-file "secrets/pi4-secrets.yaml"); + sharedSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml"); in { sops = { - defaultSopsFile = lib.mkForce ../../../secrets/pi4-secrets.yaml; + defaultSopsFile = lib.mkForce defaultSops; # age = { # generateKey = true; # sshKeyPaths = [ "/etc/ssd/ssh_host_ed25519_key" ]; @@ -16,7 +18,7 @@ in # ------------------------------ secrets = { "wifi" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; }; "pi4/matt-password" = { neededForUsers = true; @@ -30,21 +32,21 @@ in # ------------------------------ "ssh-keys-public/pi4" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; mode = "0644"; owner = config.users.users."${user}".name; group = config.users.users."${user}".group; restartUnits = [ "sshd.service" ]; }; "ssh-keys-private/pi4" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; mode = "0600"; owner = config.users.users."${user}".name; group = config.users.users."${user}".group; restartUnits = [ "sshd.service" ]; }; "ssh-keys-public/pi5" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; neededForUsers = true; mode = "0600"; owner = config.users.users.root.name; diff --git a/systems/aarch64-linux/pi5/sops.nix b/systems/aarch64-linux/pi5/sops.nix index 823800b..b411d49 100755 --- a/systems/aarch64-linux/pi5/sops.nix +++ b/systems/aarch64-linux/pi5/sops.nix @@ -1,10 +1,12 @@ { config, lib, ... }: let user = "matt"; + defaultSops = (lib.snowfall.fs.get-file "secrets/pi5-secrets.yaml"); + sharedSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml"); in { sops = { - defaultSopsFile = lib.mkForce ../../../secrets/pi5-secrets.yaml; + defaultSopsFile = lib.mkForce defaultSops; # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.keyFile = "/home/matt/.config/sops/age/keys.txt"; @@ -13,7 +15,7 @@ in # ------------------------------ secrets = { "wifi" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; }; "pi5/matt-password" = { neededForUsers = true; @@ -27,14 +29,14 @@ in # ------------------------------ "ssh-keys-public/pi5" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; mode = "0644"; owner = config.users.users."${user}".name; group = config.users.users."${user}".group; restartUnits = [ "sshd.service" ]; }; "ssh-keys-private/pi5" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; mode = "0600"; owner = config.users.users."${user}".name; group = config.users.users."${user}".group; diff --git a/systems/x86_64-linux/desktop/specialisations/hyprland/default.nix b/systems/x86_64-linux/desktop/specialisations/hyprland/default.nix index 377362f..f647dec 100755 --- a/systems/x86_64-linux/desktop/specialisations/hyprland/default.nix +++ b/systems/x86_64-linux/desktop/specialisations/hyprland/default.nix @@ -1,17 +1,4 @@ { lib, namespace, ... }: -let - # Displays - # displayLeft = { - # input = "DP-1"; - # resolution = "3840x2160"; - # refreshRate = "240.00000"; - # }; - # displayRight = { - # input = "DP-2"; - # resolution = "3840x2160"; - # refreshRate = "240.00000"; - # }; -in { specialisation.hyprland.inheritParentConfig = true; specialisation.hyprland.configuration = { @@ -19,36 +6,6 @@ in ${namespace} = { desktop = { hyprland.enable = true; - # primaryDisplay = "DP-1"; - - # wallpaper = [ - # "${displayLeft.input}, /run/wallpaper.jpg" - # "${displayRight.input}, /run/wallpaper.jpg" - # ]; - - # monitor = [ - # "${displayLeft.input},${displayLeft.resolution}@${displayLeft.refreshRate},0x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98" - # "${displayRight.input},${displayRight.resolution}@${displayRight.refreshRate},3840x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.5,sdrsaturation,0.98" - # ]; - - # workspace = [ - # "name:firefox, monitor:${displayRight.input}, default:false, special, class:(.*firefox.*)" - # "name:discord, monitor:${displayRight.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)" - # "name:steam, monitor:${displayLeft.input}, default:false, special, class:(.*[Ss]team.*)" - # ]; - - # windowRule = [ - # "size 2160 7680, tag:horizonrdp" - # ]; - - # extraConfig = '' - # exec-once = nm-applet - # exec-once = [silent] firefox - # exec-once = [silent] vesktop - # exec-once = [silent] chromium --app="https://music.apple.com" - # exec-once = [silent] steam - # ''; - # }; gnome.enable = lib.mkForce false; }; }; diff --git a/systems/x86_64-linux/desktop/specialisations/hyprland/home/default.nix b/systems/x86_64-linux/desktop/specialisations/hyprland/home/default.nix index cee1dd6..3fc3f50 100644 --- a/systems/x86_64-linux/desktop/specialisations/hyprland/home/default.nix +++ b/systems/x86_64-linux/desktop/specialisations/hyprland/home/default.nix @@ -30,7 +30,7 @@ in "${displayLeft.input},${displayLeft.resolution}@${displayLeft.refreshRate},0x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98" "${displayRight.input},${displayRight.resolution}@${displayRight.refreshRate},3840x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.5,sdrsaturation,0.98" ]; - + workspace = [ "name:firefox, monitor:${displayRight.input}, default:false, special, class:(.*firefox.*)" "name:discord, monitor:${displayRight.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)" @@ -94,13 +94,13 @@ in "clock" "custom/weather" ]; - + extraModules = { "custom/lights" = { tooltip = false; exec = "waybar-hass --get_light light.living_room_lights"; interval = "once"; - format = "{text}";#"󱉓"; + format = "{text}"; # "󱉓"; on-click = "waybar-hass --toggle_light light.living_room_lights"; return-type = "json"; }; diff --git a/systems/x86_64-linux/nas/sops.nix b/systems/x86_64-linux/nas/sops.nix index 5525aab..45475d3 100755 --- a/systems/x86_64-linux/nas/sops.nix +++ b/systems/x86_64-linux/nas/sops.nix @@ -1,6 +1,8 @@ { config, lib, ... }: let user = "nix-apps"; + defaultSops = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"); + sharedSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml"); in { # Permission modes are in octal representation (same as chmod), @@ -18,7 +20,7 @@ in # Either the group id or group name representation of the secret group # It is recommended to get the group name from `config.users.users..group` to avoid misconfiguration sops = { - defaultSopsFile = lib.mkForce ../../../secrets/nas-secrets.yaml; + defaultSopsFile = lib.mkForce defaultSops; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; # ------------------------------ @@ -33,7 +35,7 @@ in }; "wifi" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; }; # ------------------------------ @@ -55,12 +57,12 @@ in # ------------------------------ "ssh-keys-public/jallen-nas-root" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; path = "/root/.ssh/id_ed25519.pub"; mode = "0640"; }; "ssh-keys-private/jallen-nas-root" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; path = "/root/.ssh/id_ed25519"; mode = "0600"; }; @@ -199,37 +201,37 @@ in # ------------------------------ "secureboot/GUID" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; path = "/etc/secureboot/GUID"; mode = "0640"; }; "secureboot/keys/db-key" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; path = "/etc/secureboot/keys/db/db.key"; mode = "0640"; }; "secureboot/keys/db-pem" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; path = "/etc/secureboot/keys/db/db.pem"; mode = "0640"; }; "secureboot/keys/KEK-key" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; path = "/etc/secureboot/keys/KEK/KEK.key"; mode = "0640"; }; "secureboot/keys/KEK-pem" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; path = "/etc/secureboot/keys/KEK/KEK.pem"; mode = "0640"; }; "secureboot/keys/PK-key" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; path = "/etc/secureboot/keys/PK/PK.key"; mode = "0640"; }; "secureboot/keys/PK-pem" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; path = "/etc/secureboot/keys/PK/PK.pem"; mode = "0640"; }; diff --git a/systems/x86_64-linux/nuc/default.nix b/systems/x86_64-linux/nuc/default.nix index eb40455..5fbcecd 100644 --- a/systems/x86_64-linux/nuc/default.nix +++ b/systems/x86_64-linux/nuc/default.nix @@ -1,5 +1,4 @@ { - config, lib, namespace, ... @@ -10,8 +9,6 @@ ./networking.nix ./users.nix ./sops.nix - - # ../../modules/homeassistant/homeassistant.nix ]; security.tpm2 = { diff --git a/systems/x86_64-linux/nuc/sops.nix b/systems/x86_64-linux/nuc/sops.nix index b7e6283..7eda53f 100755 --- a/systems/x86_64-linux/nuc/sops.nix +++ b/systems/x86_64-linux/nuc/sops.nix @@ -1,4 +1,8 @@ { lib, ... }: +let + defaultSops = (lib.snowfall.fs.get-file "secrets/nuc-secrets.yaml"); + sharedSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml"); +in { # Permission modes are in octal representation (same as chmod), # the digits represent: user|group|others @@ -15,7 +19,7 @@ # Either the group id or group name representation of the secret group # It is recommended to get the group name from `config.users.users..group` to avoid misconfiguration sops = { - defaultSopsFile = lib.mkForce ../../../secrets/nuc-secrets.yaml; + defaultSopsFile = lib.mkForce defaultSops; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; # ------------------------------ @@ -24,7 +28,7 @@ secrets = { "wifi" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; }; # ------------------------------ @@ -32,37 +36,37 @@ # ------------------------------ "secureboot/GUID" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; path = "/etc/secureboot/GUID"; mode = "0640"; }; "secureboot/keys/db-key" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; path = "/etc/secureboot/keys/db/db.key"; mode = "0640"; }; "secureboot/keys/db-pem" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; path = "/etc/secureboot/keys/db/db.pem"; mode = "0640"; }; "secureboot/keys/KEK-key" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; path = "/etc/secureboot/keys/KEK/KEK.key"; mode = "0640"; }; "secureboot/keys/KEK-pem" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; path = "/etc/secureboot/keys/KEK/KEK.pem"; mode = "0640"; }; "secureboot/keys/PK-key" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; path = "/etc/secureboot/keys/PK/PK.key"; mode = "0640"; }; "secureboot/keys/PK-pem" = { - sopsFile = ../../../secrets/secrets.yaml; + sopsFile = sharedSops; path = "/etc/secureboot/keys/PK/PK.pem"; mode = "0640"; };