treewide: fixup stockholm lib, explicit dependencies and impure quirks

2configs/backup/state.nix

@@ -1,11 +1,13 @@
 { config, ... }:
 # back up all state
 let
-  sec = toString <secrets>;
+  sshkey = config.sops.secrets."borg.priv".path;
-  sshkey = sec + "/borg.priv";
+  phrase = config.sops.secrets."borg.pw".path;
-  phrase = sec + "/borg.pw";
 in
 {
+  sops.secrets."borg.priv" = {};
+  sops.secrets."borg.pw" = {};
+
   services.borgbackup.jobs.state = {
     repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:.";
     paths = config.state;

2configs/git/brain-retiolum.nix

@@ -1,6 +1,5 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, stockholm, ... }:
-# TODO: remove tv lib :)
+with stockholm.lib;
-with import <stockholm/lib>;
 let
 
   repos = krebs-repos;

2configs/gui/not-gnome.nix

@@ -20,6 +20,8 @@
       drawThickness=0
       filenamePattern=%F_%T_shot
     '';
+
+    users.users.${config.krebs.build.user.name}.packages = [ pkgs.clipit ];
     systemd.user.services.clipit = {
       Unit = {
         Description = "clipboard manager";

2configs/home-manager/desktop.nix

@@ -2,7 +2,7 @@
 
 {
 
-  users.users.makefu.packages = with pkgs;[ bat direnv clipit ];
+  users.users.makefu.packages = with pkgs;[ bat direnv ];
   home-manager.users.makefu = {
     programs.beets.enable = true;
     programs.firefox = {
@@ -23,5 +23,5 @@
         "kjacjjdnoddnpbbcjilcajfhhbdhkpgk" # forest
       ];
     };
-
+  };
 }

2configs/remote-build/aarch64-community.nix

@@ -1,4 +1,6 @@
+{ config, ... }: 
 {
+  sops.secrets."nixos-community" = {};
   nix = {
     distributedBuilds = true;
     buildMachines = [

2configs/secrets/default.nix

@@ -1,4 +1,5 @@
+{ config, ... }:
 {
-  sops.defaultSopsFile = ../../secrets/common.yaml;
+  sops.defaultSopsFile = ../.. + "/secrets/${config.krebs.build.host.name}.yaml";
   sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 }

2configs/secrets/user-passwords.nix

@@ -3,8 +3,14 @@
   imports = [ ./default.nix ];
 
   sops.secrets = {
-    "passwd/makefu".neededForUsers = true;
+    "passwd/makefu" = {
-    "passwd/root".neededForUsers = true;
+      neededForUsers = true;
+      sopsFile = ../../secrets/common.yaml;
+    };
+    "passwd/root" = {
+      neededForUsers = true;
+      sopsFile = ../../secrets/common.yaml;
+    };
   };
 
   users.users = {

2configs/share/default.nix

@@ -1,5 +1,5 @@
-{ config, lib, ... }:
+{ config, lib, stockholm, ... }:
-with import <stockholm/lib>;
+with stockholm.lib;
 let
   base-dir = config.services.rtorrent.downloadDir;
 in {

2configs/tools/dev.nix

@@ -20,7 +20,7 @@
     # nix related
     nix-index
     nix-review
-    brain
+    # brain
     whatsupnix
     nixpkgs-pytools
     nixpkgs-fmt
@@ -28,7 +28,7 @@
     # git-related
     git-preview
     tig
-    (pkgs.callPackage ./init-host {})
+    # (pkgs.callPackage ./init-host {})
     # used more than once
     imagemagick
     qrencode

2configs/tools/games.nix

@@ -5,7 +5,8 @@
     # ./steam.nix
   ];
   users.users.makefu.packages = with pkgs; [
-    games-user-env
+    # kaputt:
+    # games-user-env
     wine
     pkg2zip
     steam

2configs/tools/mobility.nix

@@ -5,7 +5,8 @@
     mosh
     sshfs
     rclone
-    (pkgs.callPackage ./secrets.nix {})
+
+    # (pkgs.callPackage ./secrets.nix {})
 
     opensc pcsctools libu2f-host
   ];

2configs/wireguard/wiregrill.nix

@@ -31,6 +31,9 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
     };
   };
 
+  # host secret 
+  sops.secrets."wiregrill.key" = {};
+
   services.dnsmasq = mkIf isRouter {
     enable = true;
     resolveLocalQueries = false;
@@ -87,7 +90,7 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
       (optional (!isNull self.ip4) self.ip4.addr) ++
       (optional (!isNull self.ip6) self.ip6.addr);
     listenPort = self.wireguard.port;
-    privateKeyFile = (toString <secrets>) + "/wiregrill.key";
+    privateKeyFile = config.sops.secrets."wiregrill.key".path;
     allowedIPsAsRoutes = true;
     peers = mapAttrsToList
       (_: host: {