refactor: move ark into dentritic pattern

2026-05-21 22:50:15 -04:00
parent 8043068885
commit f3b32776f6
48 changed files with 586 additions and 1562 deletions
--- a/modules/koon/host/ark/sops.nix
+++ b/modules/koon/host/ark/sops.nix
@@ -0,0 +1,34 @@
+{ self, ... }: {
+  flake.nixosModules.koonArkSops = { config, ... }: {
+    sops = {
+      age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+      defaultSopsFile = "${self}/secrets/koon/ark/default.yaml";
+
+      validateSopsFiles = false;
+
+      secrets = {
+        "restic-password" = {};
+        "tunnel-credentials" = {};
+        "admin-password" = {};
+
+        "pocket-id-encryption-key" = {
+          owner = config.services.pocket-id.user;
+        };
+
+        "waka-password-salt" = {
+          owner = config.users.users.wakapi.name;
+        };
+
+        "oauth/photos/clientId" = {};
+        "oauth/photos/clientSecret" = {};
+        "oauth/git/clientId" = {
+          owner = config.services.gitea.user;
+        };
+        "oauth/git/clientSecret" = {
+          owner = config.services.gitea.user;
+        };
+      };
+    };
+  };
+}