refac secrets, make some data public

.envrc

@@ -1,3 +1,3 @@
 use flake
 
-export RULES=./secrets.config.nix
+export RULES=./.agenix_config.nix

.gitattributes

@@ -1,6 +1,4 @@
-**/secrets.nix filter=git-crypt diff=git-crypt
+**/*.secret.nix filter=git-crypt diff=git-crypt
 
-secrets.config.nix filter=git-crypt diff=git-crypt
+.agenix_config.nix filter=git-crypt diff=git-crypt
 **/*.age filter=git-crypt diff=git-crypt
-
-machines/magenta/services/mailserver-accounts.nix filter=git-crypt diff=git-crypt

machines/asus-gl553vd/default.nix

@@ -1,8 +1,5 @@
 { config, pkgs, lib, ... }:
 
-let
-  secrets = import ../../secrets.nix;
-in
 {
   imports = [
     # Include the results of the hardware scan.
@@ -13,6 +10,7 @@ in
     ../modules/fonts.nix
     ../modules/gnupg.nix
     ../modules/nix.nix
+    ../modules/networking.secret.nix
   ];
 
   # Use latest kernel
@@ -30,7 +28,6 @@ in
 
   networking = {
     hostName = "laptop"; # Define your hostname.
-    inherit (secrets.networking) extraHosts;
 
     useDHCP = false;
     interfaces = {
@@ -43,7 +40,6 @@ in
 
   # enable bluetooth
   hardware.bluetooth.enable = true;
-  services.blueman.enable = true;
 
   # configure mouse and touchpad
   services.xserver.libinput = {

machines/home/default.nix

@@ -1,8 +1,5 @@
 { config, pkgs, lib, ... }:
 
-let
-  secrets = import ../../secrets.nix;
-in
 {
   imports = [
     # Include the results of the hardware scan.
@@ -14,6 +11,7 @@ in
     ../modules/gnupg.nix
     ../modules/nix.nix
     ../modules/garbage-collector.nix
+    ../modules/networking.secret.nix
   ];
 
   # Configure kernel
@@ -33,7 +31,6 @@ in
 
   networking = {
     hostName = "home"; # Define your hostname.
-    inherit (secrets.networking) extraHosts;
 
     useDHCP = false;
     interfaces = {

machines/magenta/services/mailserver.nix

@@ -1,7 +1,7 @@
 { ... }:
 
 {
-  imports = [ ./mailserver-accounts.nix ];
+  imports = [ ./mailserver-accounts.secret.nix ];
 
   # See: https://nixos-mailserver.readthedocs.io/en/latest/options.html
   mailserver = {

users/jan/home.nix

@@ -1,10 +1,9 @@
 { config, lib, pkgs, ... }:
 
-let
-  secrets = import ./secrets.nix;
-in
 {
   imports = [
+    ./accounts.secret.nix
+
     ../modules/window_manager
     ../modules/terminal.nix
     ../modules/shell.nix
@@ -48,8 +47,9 @@ in
   ];
 
   local.git = {
-    gpgKey = secrets.gpgSigningKey;
-    inherit (secrets) userName userEmail;
+    gpgKey = "7685890DCD544AF1507A84F21B59187B161C0215";
+    userEmail = "dmitriy@ideascup.me";
+    userName = "Dmitriy Pleshevskiy";
     git-crypt.enable = true;
   };
 
@@ -58,8 +58,6 @@ in
     eval $(kubectl completion zsh)
   '';
 
-  accounts.email.accounts = secrets.emailAccounts;
-
   home.file = {
     "scripts" = {
       source = ./scripts;