{ config, lib, ... }: let inherit (config.networking) hostName; # mkFakeSecret = secretName: { # name = secretName; # value = { # path = "/dev/null"; # }; # }; # fakeSecrets = # builtins.listToAttrs (lib.debug.traceValSeqN 2 (builtins.map mkFakeSecret # (lib.debug.traceValSeqN 2 (builtins.attrNames secrets)))); in { config = lib.mkIf config.soispha.secrets.enable { age = { secrets = { nheko = { file = ./nheko/conf. + hostName; mode = "700"; owner = "soispha"; group = "users"; }; lf = { cd_paths = { file = ./lf/cd_paths; mode = "700"; owner = "soispha"; group = "users"; }; }; serverphoneCa = { file = ./serverphone/ca.key; mode = "700"; owner = "serverphone"; group = "serverphone"; }; serverphoneServer = { file = ./serverphone/server.key; mode = "700"; owner = "serverphone"; group = "serverphone"; }; taskserverPrivate = { file = ./taskserver/private.key; mode = "700"; owner = "soispha"; group = "users"; }; taskserverPublic = { file = ./taskserver/public.cert; mode = "700"; owner = "soispha"; group = "users"; }; taskserverCA = { file = ./taskserver/ca.cert; mode = "700"; owner = "soispha"; group = "users"; }; taskserverCredentials = { file = ./taskserver/credentials; mode = "700"; owner = "soispha"; group = "users"; }; }; }; }; }