From 5a8b7d4c7493acb9a01c2fe8da47dfc047070f4d Mon Sep 17 00:00:00 2001
From: Adithya Nair <adtya@adtya.xyz>
Date: Sun, 30 Jun 2024 18:45:27 +0530
Subject: [PATCH] all: refactor host specific secrets

---
 common/secrets.nix          | 20 --------------------
 hosts/rico0/wireguard.nix   |  6 ++++++
 hosts/rico1/wireguard.nix   |  6 ++++++
 hosts/rico2/wireguard.nix   |  5 +++++
 hosts/skipper/wireguard.nix |  5 +++++
 5 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/common/secrets.nix b/common/secrets.nix
index 64d8b3f..a316be5 100644
--- a/common/secrets.nix
+++ b/common/secrets.nix
@@ -14,26 +14,6 @@
         group = config.users.users.root.group;
         neededForUsers = true;
       };
-      "wireguard/psk/skipper" = {
-        mode = "400";
-        owner = config.users.users.root.name;
-        group = config.users.users.root.group;
-      };
-      "wireguard/psk/rico0" = {
-        mode = "400";
-        owner = config.users.users.root.name;
-        group = config.users.users.root.group;
-      };
-      "wireguard/psk/rico1" = {
-        mode = "400";
-        owner = config.users.users.root.name;
-        group = config.users.users.root.group;
-      };
-      "wireguard/psk/rico2" = {
-        mode = "400";
-        owner = config.users.users.root.name;
-        group = config.users.users.root.group;
-      };
     };
   };
 }
diff --git a/hosts/rico0/wireguard.nix b/hosts/rico0/wireguard.nix
index 5bccef8..8156ff0 100644
--- a/hosts/rico0/wireguard.nix
+++ b/hosts/rico0/wireguard.nix
@@ -1,4 +1,10 @@
 { config, ... }: {
+  sops.secrets."wireguard/psk/rico0" = {
+    mode = "400";
+    owner = config.users.users.root.name;
+    group = config.users.users.root.group;
+  };
+
   networking.firewall.trustedInterfaces = [ "wg0" ];
   networking.wireguard = {
     enable = true;
diff --git a/hosts/rico1/wireguard.nix b/hosts/rico1/wireguard.nix
index 2c13328..759434f 100644
--- a/hosts/rico1/wireguard.nix
+++ b/hosts/rico1/wireguard.nix
@@ -1,4 +1,10 @@
 { config, ... }: {
+  sops.secrets."wireguard/psk/rico1" = {
+    mode = "400";
+    owner = config.users.users.root.name;
+    group = config.users.users.root.group;
+  };
+
   networking.firewall.trustedInterfaces = [ "wg0" ];
   networking.wireguard = {
     enable = true;
diff --git a/hosts/rico2/wireguard.nix b/hosts/rico2/wireguard.nix
index 2967754..b59587d 100644
--- a/hosts/rico2/wireguard.nix
+++ b/hosts/rico2/wireguard.nix
@@ -1,4 +1,9 @@
 { config, ... }: {
+  sops.secrets."wireguard/psk/rico2" = {
+    mode = "400";
+    owner = config.users.users.root.name;
+    group = config.users.users.root.group;
+  };
   networking.firewall.trustedInterfaces = [ "wg0" ];
   networking.wireguard = {
     enable = true;
diff --git a/hosts/skipper/wireguard.nix b/hosts/skipper/wireguard.nix
index f42ce02..fd05840 100644
--- a/hosts/skipper/wireguard.nix
+++ b/hosts/skipper/wireguard.nix
@@ -1,4 +1,9 @@
 { config, ... }: {
+  sops.secrets."wireguard/psk/skipper" = {
+    mode = "400";
+    owner = config.users.users.root.name;
+    group = config.users.users.root.group;
+  };
   networking.firewall.trustedInterfaces = [ "wg0" ];
   networking.wireguard = {
     enable = true;