old
  # NixOS module declaring the sops-nix secrets for the host "pardofelis".
  # Every secret is read from ./secrets.yaml. The service secrets are only
  # materialised when config.modules.currentHost is "pardofelis".
  {
    lib,
    config,
    ...
  }: let
    # Source shared by every secret below. It is merged last in `secret`, so
    # neither `format` nor `sopsFile` can be overridden per entry.
    fromSecretsFile = {
      format = "yaml";
      sopsFile = ./secrets.yaml;
    };

    # Access settings for a secret that exactly one service group has to read:
    # root stays the owner, the group gets read-only access, others get nothing.
    groupReadable = group: {
      owner = "root";
      inherit group;
      mode = "0440";
    };

    # Build the name/value pair for one secret.
    #   name   - attribute name under sops.secrets
    #   key    - lookup key inside the secrets file
    #   access - {} or a `groupReadable` set
    # An empty `access` leaves owner/group/mode to the sops-nix defaults
    # (root-only, as far as I know -- confirm against the pinned sops-nix).
    secret = name: key: access: {
      inherit name;
      value = {inherit key;} // access // fromSecretsFile;
    };

    onPardofelis = config.modules.currentHost == "pardofelis";

    # Top-level keys in the secrets file holding the host's network settings.
    networkKeys = ["ipv4" "ipv6" "gateway" "gateway6"];

    authelia = groupReadable "authelia-main";
    artalk = groupReadable "artalk";

    serviceSecrets = [
      (secret "freshrss-admin-password" "services/freshrss/defaultUserPassword" (groupReadable "freshrss"))
      (secret "grafana-admin-password" "services/grafana/adminPassword" (groupReadable "grafana"))
      (secret "forgejo-mailer-password" "services/forgejo/mailerPassword" (groupReadable "forgejo"))

      # No owner/group/mode below: whichever unit consumes these has to be able
      # to read a file left at the default permissions.
      (secret "restic-backup-password" "services/restic/password" {})
      (secret "forgejo-runner-token" "services/forgejo-runner/token" {})

      # GoToSocial (default permissions)
      (secret "gotosocial-s3-endpoint" "services/gotosocial/s3Endpoint" {})
      (secret "gotosocial-s3-access-key" "services/gotosocial/s3AccessKey" {})
      (secret "gotosocial-s3-secret-key" "services/gotosocial/s3SecretKey" {})
      (secret "gotosocial-oidc-secret" "services/gotosocial/oidcSecret" {})
      (secret "gotosocial-smtp-password" "services/gotosocial/smtpPassword" {})
      (secret "gotosocial-metrics-password" "services/gotosocial/metricsPassword" {})

      # Authelia (readable by group authelia-main). This includes the OIDC
      # issuer private key and the storage encryption key, so membership of
      # that group is equivalent to holding those keys.
      (secret "authelia-main-oidc-hmac-secret" "services/authelia/main/oidcHmacSecret" authelia)
      (secret "authelia-main-oidc-issuer-private-key" "services/authelia/main/oidcIssuerPrivateKey" authelia)
      (secret "authelia-main-session-secret" "services/authelia/main/sessionSecret" authelia)
      (secret "authelia-main-jwt-secret" "services/authelia/main/jwtSecret" authelia)
      (secret "authelia-main-storage-encryption-key" "services/authelia/main/storageEncryptionKey" authelia)
      (secret "authelia-main-client-secrets-forgejo" "services/authelia/main/clientSecrets/forgejo" authelia)
      (secret "authelia-main-client-secrets-gokapi" "services/authelia/main/clientSecrets/gokapi" authelia)
      (secret "authelia-main-client-secrets-gts-trinnon" "services/authelia/main/clientSecrets/gts-trinnon" authelia)

      # Artalk (readable by group artalk)
      (secret "artalk-akismet-key" "services/artalk/akismetKey" artalk)
      (secret "artalk-app-key" "services/artalk/appKey" artalk)
      (secret "artalk-email-password" "services/artalk/emailPassword" artalk)
      (secret "artalk-github-client-id" "services/artalk/githubClientId" artalk)
      (secret "artalk-github-client-secret" "services/artalk/githubClientSecret" artalk)

      # Gokapi (default permissions)
      (secret "gokapi-salt-admin" "services/gokapi/saltAdmin" {})
      (secret "gokapi-salt-files" "services/gokapi/saltFiles" {})
      (secret "gokapi-oauth-secret" "services/gokapi/oauthSecret" {})
    ];
  in
    lib.mkMerge (
      [
        {
          # NOTE(review): unlike the service secrets, these four are declared
          # without the currentHost guard, so every host that imports this
          # module gets them and has to be able to decrypt the secrets file.
          # Confirm that is intended.
          sops.secrets = builtins.listToAttrs (
            builtins.map (key: secret "pardofelis-${key}" key {}) networkKeys
          );
        }
      ]
      ++ lib.map (entry: {
        # One definition per secret, each individually gated on the host name.
        sops.secrets.${entry.name} = lib.mkIf onPardofelis entry.value;
      })
      serviceSecrets
    )