Move secrets to flakes

2 files changed, 19 insertions, 4 deletions

diff --git a/flakes/private/opendmarc/flake.lock b/flakes/private/opendmarc/flake.lock
index 121f51d..bd5019c 100644
--- a/flakes/private/opendmarc/flake.lock
+++ b/flakes/private/opendmarc/flake.lock
@@ -123,7 +123,19 @@
         "files-watcher": "files-watcher",
         "my-lib": "my-lib",
         "nix-lib": "nix-lib",
-        "opendmarc": "opendmarc"
+        "opendmarc": "opendmarc",
+        "secrets": "secrets"
+      }
+    },
+    "secrets": {
+      "locked": {
+        "narHash": "sha256-aRHKDVHDpnqpmgGhLGQxXwyTwmPuhUJTVcOLBYtY2ks=",
+        "path": "../../secrets",
+        "type": "path"
+      },
+      "original": {
+        "path": "../../secrets",
+        "type": "path"
       }
     }
   },
diff --git a/flakes/private/opendmarc/flake.nix b/flakes/private/opendmarc/flake.nix
index debcfbd..2b73070 100644
--- a/flakes/private/opendmarc/flake.nix
+++ b/flakes/private/opendmarc/flake.nix
@@ -3,6 +3,10 @@
     path = "../../opendmarc";
     type = "path";
   };
+  inputs.secrets = {
+    path = "../../secrets";
+    type = "path";
+  };
   inputs.files-watcher = {
     path = "../../files-watcher";
     type = "path";
@@ -14,14 +18,13 @@
   inputs.nix-lib.url = "github:NixOS/nixpkgs";
 
   description = "Private configuration for opendmarc";
-  outputs = { self, nix-lib, opendmarc, my-lib, files-watcher }:
+  outputs = { self, nix-lib, opendmarc, my-lib, files-watcher, secrets }:
     let
       cfg = name': { config, lib, pkgs, name, ... }: {
         imports = [
           (my-lib.lib.withNarKey files-watcher "nixosModule")
           (my-lib.lib.withNarKey opendmarc "nixosModule")
-          #FIXME:
-          #(my-lib.lib.withNarKey secrets "nixosModule")
+          (my-lib.lib.withNarKey secrets "nixosModule")
         ];
         config = lib.mkIf (name == name') {
           users.users."${config.services.opendmarc.user}".extraGroups = [ "keys" ];