| author | Mel <einebeere@gmail.com> | 2024-12-07 03:24:15 +0100 |
|---|---|---|
| committer | Mel <einebeere@gmail.com> | 2024-12-07 03:41:20 +0100 |
| commit | 44a4f7c6bac97a3381a2b7de8707cd9389f5460f (patch) | |
| tree | f31f04984119dbdb6adba41ed8a1ff1303558d27 /modules | |
| parent | 8930b867a5bc863cf1362d3d27579e784a4bbe97 (diff) | |
Move secrets and keys into agenix
Signed-off-by: Mel <einebeere@gmail.com>
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/ddns.nix | 9 | ||||
| -rw-r--r-- | modules/git.nix | 4 | ||||
| -rw-r--r-- | modules/user.nix | 10 |
3 files changed, 15 insertions, 8 deletions
diff --git a/modules/ddns.nix b/modules/ddns.nix index c9d2abd..8ee9afd 100644 --- a/modules/ddns.nix +++ b/modules/ddns.nix @@ -1,9 +1,13 @@ -{ me, ... }: +{ me, config, ... }: let domain = "rnrd.eu"; in { + age.secrets.cloudflare-dns = { + file = ../secrets/cloudflare-dns.age; + }; + services.ddclient = { enable = true; @@ -20,7 +24,6 @@ in username = "token"; zone = domain; domains = [ "${me.name}.${domain}" ]; - # TODO: use age - passwordFile = "/home/mel/cloudflare-dns-token.pw"; + passwordFile = config.age.secrets.cloudflare-dns.path; }; } diff --git a/modules/git.nix b/modules/git.nix index 1d592f0..f7a26c4 100644 --- a/modules/git.nix +++ b/modules/git.nix @@ -1,4 +1,4 @@ -{ me, security, pkgs, ... }: +{ me, keys, pkgs, ... }: { users.users.git = { @@ -8,7 +8,7 @@ home = "/srv/git"; group = "git"; - openssh.authorizedKeys.keys = security.keys; + openssh.authorizedKeys.keys = keys.allUsers; }; users.groups.git = {}; } diff --git a/modules/user.nix b/modules/user.nix index 2f49569..4ea0be2 100644 --- a/modules/user.nix +++ b/modules/user.nix @@ -1,6 +1,10 @@ -{ config, pkgs, security, ... }: +{ config, pkgs, keys, ... }: { + age.secrets.password = { + file = ../secrets/password.age; + }; + users.mutableUsers = false; users.users.mel = { isNormalUser = true; @@ -8,8 +12,8 @@ shell = pkgs.fish; extraGroups = [ "networkmanager" "wheel" "docker" ]; - hashedPassword = security.password; - openssh.authorizedKeys.keys = security.keys; + hashedPasswordFile = config.age.secrets.password.path; + openssh.authorizedKeys.keys = keys.allUsers; packages = (with pkgs; []); }; |
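Review bot: The `age.secrets.cloudflare-dns` declaration in the first hunk of modules/ddns.nix sets only `file`, so owner, group and mode fall back to the agenix defaults (root-owned, `0400`), and nothing records which process is expected to read the token. That works only while the ddclient unit reads `passwordFile` with root privileges, which this diff does not show; if the service is later moved to a dedicated user, the secret becomes unreadable with no obvious cause. I would state the intent next to the declaration, e.g. `# root-only by agenix default; read by the ddclient unit at start-up, set owner/mode here if that changes`. The surrounding attribute set continues outside the hunk.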
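Review bot: Nothing in the commit removes `/home/mel/cloudflare-dns-token.pw`, so after the second hunk of modules/ddns.nix switches `passwordFile` to `config.age.secrets.cloudflare-dns.path`, the plaintext Cloudflare token stays on every host deployed with the old configuration. Because that copy sat in a user's home directory, the encrypted secret only helps if the old file is deleted and, ideally, a fresh token is issued for the `.age` file; whether that happened is not visible here. A cleanup rule would make the removal part of the deployment, e.g. `systemd.tmpfiles.rules = [ "r /home/mel/cloudflare-dns-token.pw" ];`, dropped again once all hosts have been activated.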
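Review bot: `openssh.authorizedKeys.keys = keys.allUsers;` in the second hunk of modules/git.nix gives the `git` service account the same key list that the last hunk of modules/user.nix gives to `mel`, who is in `wheel` and `docker`. If `keys.allUsers` ever holds more than the owner's own keys (its definition is outside this diff), every key added for repository access also becomes an administrative login. Separate lists would keep the two grants independent, for example `keys.git` here and `keys.admins` in user.nix; those two names are placeholders, not attributes the repository is known to define. At minimum a comment such as `# same key set as the admin user: adding a key here grants both` would make the coupling visible.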
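Review bot: With `users.mutableUsers = false` (first hunk of modules/user.nix), `hashedPasswordFile = config.age.secrets.password.path;` in the last hunk makes mel's password depend on agenix decrypting `password.age` during activation. On a host whose identity is not a recipient of that secret, or where the identity key is not yet available at activation, the file will be missing and the account presumably ends up with no usable password, leaving SSH keys as the only way in and breaking password-based sudo. The recipient list is outside this diff, so this is a caveat to confirm rather than a confirmed defect. A comment would record the dependency: `# needs this host's key as a recipient of password.age; no password login if decryption fails`. The `users.users.mel` set opens outside this hunk.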
