feat(secrets): auto-add secrets, create path shortcut

flake.nix

@@ -108,6 +108,8 @@
 
               inputs.impermanence.nixosModules.impermanence
               inputs.quick-nix-registry.nixosModules.local-registry
+
+              ./secrets
             ];
           };
 

modules/devos/options.nix

@@ -23,6 +23,8 @@ in
       monitors = mkOpt int 1;
       graphical = mkBoolOpt config.services.xserver.enable;
     };
+
+    secrets = mkOpt (attrsOf path) { };
   };
 
   config = {
@@ -40,5 +42,7 @@ in
     environment.variables = mkAliasDefinitions options.env;
 
     bud.localFlakeClone = config.dotfiles.dir;
+
+    secrets = mapAttrs (n: v: v.path) config.age.secrets;
   };
 }

secrets/default.nix

@@ -0,0 +1,11 @@
+{ lib, self, ... }:
+let
+  folder = ./.;
+  toFile = name: "${folder}/${name}";
+  filterSecrets = key: value: value == "regular" && lib.hasSuffix ".age" key;
+  filtered = (lib.filterAttrs filterSecrets (builtins.readDir folder));
+  secrets = lib.mapAttrs' (n: v: lib.nameValuePair (lib.removeSuffix ".age" n) { file = toFile n; }) filtered;
+in
+{
+  age.secrets = secrets;
+}

users/infinidoge/default.nix

@@ -89,12 +89,10 @@ in
     software.minipro.enable = true;
   };
 
-  age.secrets.infinidoge-password.file = "${self}/secrets/infinidoge-password.age";
-
   user = {
     name = "infinidoge";
     uid = 1000;
-    passwordFile = config.age.secrets.infinidoge-password.path;
+    passwordFile = config.secrets.infinidoge-password;
     description = "Infinidoge, primary user of the system";
     group = "users";
     isNormalUser = true;

users/root/default.nix

@@ -1,7 +1,5 @@
 { lib, config, self, ... }: {
-  age.secrets.root-password.file = "${self}/secrets/root-password.age";
+  users.users.root.passwordFile = config.secrets.root-password;
-
-  users.users.root.passwordFile = config.age.secrets.root-password.path;
 
   home-manager.users.root = { suites, profiles, ... }: {
     imports = lib.lists.flatten [