authormakefu <github@syntax-fehler.de>2023-06-22 00:07:21 +0200
committermakefu <github@syntax-fehler.de>2023-06-22 00:07:21 +0200
commit1c4b5c4174093fe84da9040d101c5d7ce77cc828 (patch)
treedc340345f74304f0157d681528ea0e627c85f273
parentb66365e722705b57b1037cb64479f561ca08a07b (diff)
treewide: fixup stockholm lib, explicit dependencies and impure quirks
-rw-r--r--2configs/backup/state.nix8
-rw-r--r--2configs/git/brain-retiolum.nix5
-rw-r--r--2configs/gui/not-gnome.nix2
-rw-r--r--2configs/home-manager/desktop.nix4
-rw-r--r--2configs/remote-build/aarch64-community.nix2
-rw-r--r--2configs/secrets/default.nix3
-rw-r--r--2configs/secrets/user-passwords.nix10
-rw-r--r--2configs/share/default.nix4
-rw-r--r--2configs/tools/dev.nix4
-rw-r--r--2configs/tools/games.nix3
-rw-r--r--2configs/tools/mobility.nix3
-rw-r--r--2configs/wireguard/wiregrill.nix5
12 files changed, 35 insertions, 18 deletions
diff --git a/2configs/backup/state.nix b/2configs/backup/state.nix
index 1143708bf..2dc832420 100644
--- a/2configs/backup/state.nix
+++ b/2configs/backup/state.nix
@@ -1,11 +1,13 @@
{ config, ... }:
# back up all state
let
- sec = toString <secrets>;
- sshkey = sec + "/borg.priv";
- phrase = sec + "/borg.pw";
+ sshkey = config.sops.secrets."borg.priv".path;
+ phrase = config.sops.secrets."borg.pw".path;
in
{
+ sops.secrets."borg.priv" = {};
+ sops.secrets."borg.pw" = {};
+
services.borgbackup.jobs.state = {
repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:.";
paths = config.state;
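Review bot: `sops.secrets."borg.priv"` and `sops.secrets."borg.pw"` are declared with `{}`, so they resolve against `sops.defaultSopsFile`, which this commit makes a per-host file in 2configs/secrets/default.nix; nothing in this hunk says so. A comment above the two declarations, like the `# host secret` one added in wiregrill.nix, would tell the reader that every host running this job needs both keys in its own file: `# host secrets, read from sops.defaultSopsFile`. The empty attribute sets also leave owner and mode at the sops-nix defaults (root, 0400), which suits the job only if it runs as root. The lines that consume `sshkey` and `phrase` are outside the hunk, so that is worth confirming.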
diff --git a/2configs/git/brain-retiolum.nix b/2configs/git/brain-retiolum.nix
index 3be3fccef..5db6cb0ba 100644
--- a/2configs/git/brain-retiolum.nix
+++ b/2configs/git/brain-retiolum.nix
@@ -1,6 +1,5 @@
-{ config, lib, pkgs, ... }:
-# TODO: remove tv lib :)
-with import <stockholm/lib>;
+{ config, lib, pkgs, stockholm, ... }:
+with stockholm.lib;
let
repos = krebs-repos;
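Review bot: The file-scope `with stockholm.lib;` still hides which names the module takes from the library, which sits oddly with a commit that makes dependencies explicit. Listing the names actually used, in the form `inherit (stockholm.lib) <names>;` inside the `let`, would make the dependency readable and avoid accidental shadowing of `lib` or local bindings. The body that uses those names is outside the hunk, so the list has to be worked out from the full file. The same applies to the identical change in 2configs/share/default.nix.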
diff --git a/2configs/gui/not-gnome.nix b/2configs/gui/not-gnome.nix
index 2e22c66cd..1aa3e9edc 100644
--- a/2configs/gui/not-gnome.nix
+++ b/2configs/gui/not-gnome.nix
@@ -20,6 +20,8 @@
drawThickness=0
filenamePattern=%F_%T_shot
'';
+
+ users.users.${config.krebs.build.user.name}.packages = [ pkgs.clipit ];
systemd.user.services.clipit = {
Unit = {
Description = "clipboard manager";
diff --git a/2configs/home-manager/desktop.nix b/2configs/home-manager/desktop.nix
index 7442ab618..cd2101ccf 100644
--- a/2configs/home-manager/desktop.nix
+++ b/2configs/home-manager/desktop.nix
@@ -2,7 +2,7 @@
{
- users.users.makefu.packages = with pkgs;[ bat direnv clipit ];
+ users.users.makefu.packages = with pkgs;[ bat direnv ];
home-manager.users.makefu = {
programs.beets.enable = true;
programs.firefox = {
@@ -23,5 +23,5 @@
"kjacjjdnoddnpbbcjilcajfhhbdhkpgk" # forest
];
};
-
+ };
}
diff --git a/2configs/remote-build/aarch64-community.nix b/2configs/remote-build/aarch64-community.nix
index 9c2155798..5050be63d 100644
--- a/2configs/remote-build/aarch64-community.nix
+++ b/2configs/remote-build/aarch64-community.nix
@@ -1,4 +1,6 @@
+{ config, ... }:
{
+ sops.secrets."nixos-community" = {};
nix = {
distributedBuilds = true;
buildMachines = [
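Review bot: The new `config` argument and the `sops.secrets."nixos-community"` declaration have no visible consumer in this hunk; unlike state.nix and wiregrill.nix, no line is switched to `config.sops.secrets."nixos-community".path`. The `buildMachines` list continues outside the hunk, so the reference may already be there. If the builder entry still points at the old key location, the secret is decrypted on every host importing this module without being used. If it is meant as the remote builder's SSH key, the entry would read `sshKey = config.sops.secrets."nixos-community".path;`.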
diff --git a/2configs/secrets/default.nix b/2configs/secrets/default.nix
index f6596be12..45c7983d8 100644
--- a/2configs/secrets/default.nix
+++ b/2configs/secrets/default.nix
@@ -1,4 +1,5 @@
+{ config, ... }:
{
- sops.defaultSopsFile = ../../secrets/common.yaml;
+ sops.defaultSopsFile = ../.. + "/secrets/${config.krebs.build.host.name}.yaml";
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
}
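Review bot: `sops.defaultSopsFile` now depends on `config.krebs.build.host.name`, so every host importing this module needs a matching `secrets/<host>.yaml` encrypted for the age key derived from its `/etc/ssh/ssh_host_ed25519_key`. A host without that file presumably fails when the path is read, which is the safer outcome but is not obvious from the line. A comment would record the convention and the exception made in user-passwords.nix: `# per-host secrets file; shared secrets set sopsFile explicitly`.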
diff --git a/2configs/secrets/user-passwords.nix b/2configs/secrets/user-passwords.nix
index 960d99d64..776d08340 100644
--- a/2configs/secrets/user-passwords.nix
+++ b/2configs/secrets/user-passwords.nix
@@ -3,8 +3,14 @@
imports = [ ./default.nix ];
sops.secrets = {
- "passwd/makefu".neededForUsers = true;
- "passwd/root".neededForUsers = true;
+ "passwd/makefu" = {
+ neededForUsers = true;
+ sopsFile = ../../secrets/common.yaml;
+ };
+ "passwd/root" = {
+ neededForUsers = true;
+ sopsFile = ../../secrets/common.yaml;
+ };
};
users.users = {
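Review bot: Pinning `passwd/makefu` and `passwd/root` to `../../secrets/common.yaml` means that file presumably stays decryptable by every host key, so it is the one file whose contents are exposed if any single host is compromised. A comment on the block would keep later additions out of it: `# common.yaml is readable by all hosts; keep only the shared password hashes here`. The path is also written twice; a single `let common = ../../secrets/common.yaml; in` binding would keep the two entries in step. The module header is outside the hunk, so that binding would have to be added there.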
diff --git a/2configs/share/default.nix b/2configs/share/default.nix
index a1ad349b9..6485fa1d5 100644
--- a/2configs/share/default.nix
+++ b/2configs/share/default.nix
@@ -1,5 +1,5 @@
-{ config, lib, ... }:
-with import <stockholm/lib>;
+{ config, lib, stockholm, ... }:
+with stockholm.lib;
let
base-dir = config.services.rtorrent.downloadDir;
in {
diff --git a/2configs/tools/dev.nix b/2configs/tools/dev.nix
index 0747934b8..89f609d7d 100644
--- a/2configs/tools/dev.nix
+++ b/2configs/tools/dev.nix
@@ -20,7 +20,7 @@
# nix related
nix-index
nix-review
- brain
+ # brain
whatsupnix
nixpkgs-pytools
nixpkgs-fmt
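Review bot: `# brain` is commented out with no reason or follow-up marker, and the same pattern recurs in the second hunk of this file (`# (pkgs.callPackage ./init-host {})`) and in 2configs/tools/mobility.nix (`# (pkgs.callPackage ./secrets.nix {})`). Only games.nix says why (`# kaputt:`). A short reason on each line, for example `# brain  # TODO: re-enable once it builds without <stockholm>`, would tell a later reader whether the entry is temporarily broken or meant to be dropped. The actual reason is not visible in the diff, so the wording is only a template.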
@@ -28,7 +28,7 @@
# git-related
git-preview
tig
- (pkgs.callPackage ./init-host {})
+ # (pkgs.callPackage ./init-host {})
# used more than once
imagemagick
qrencode
diff --git a/2configs/tools/games.nix b/2configs/tools/games.nix
index 57a1dba1e..87261e70c 100644
--- a/2configs/tools/games.nix
+++ b/2configs/tools/games.nix
@@ -5,7 +5,8 @@
# ./steam.nix
];
users.users.makefu.packages = with pkgs; [
- games-user-env
+ # kaputt:
+ # games-user-env
wine
pkg2zip
steam
diff --git a/2configs/tools/mobility.nix b/2configs/tools/mobility.nix
index fd7ce6ab8..9f067d21b 100644
--- a/2configs/tools/mobility.nix
+++ b/2configs/tools/mobility.nix
@@ -5,7 +5,8 @@
mosh
sshfs
rclone
- (pkgs.callPackage ./secrets.nix {})
+
+ # (pkgs.callPackage ./secrets.nix {})
opensc pcsctools libu2f-host
];
diff --git a/2configs/wireguard/wiregrill.nix b/2configs/wireguard/wiregrill.nix
index 27984d41b..ec7c6f9c5 100644
--- a/2configs/wireguard/wiregrill.nix
+++ b/2configs/wireguard/wiregrill.nix
@@ -31,6 +31,9 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
};
};
+ # host secret
+ sops.secrets."wiregrill.key" = {};
+
services.dnsmasq = mkIf isRouter {
enable = true;
resolveLocalQueries = false;
@@ -87,7 +90,7 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
(optional (!isNull self.ip4) self.ip4.addr) ++
(optional (!isNull self.ip6) self.ip6.addr);
listenPort = self.wireguard.port;
- privateKeyFile = (toString <secrets>) + "/wiregrill.key";
+ privateKeyFile = config.sops.secrets."wiregrill.key".path;
allowedIPsAsRoutes = true;
peers = mapAttrsToList
(_: host: {