refactor: separate sops-nix configuration for each device

.sops.yaml

@@ -1,6 +1,7 @@
 keys:
   - &dn_server age1z6f643a6vqm7cqh6fna5dhmxfkgwxgqy8kg9s0vf9uxhaswtngtspmqsjw
   - &dn_pre7780 age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv
+  - &dn_lap age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2
 
 creation_rules:
   - path_regex: system/dev/dn-server/secret.yaml
@@ -11,3 +12,7 @@ creation_rules:
     key_groups:
       - age:
           - *dn_pre7780
+  - path_regex: system/dev/dn-lap/secret.yaml
+    key_groups:
+      - age:
+          - *dn_lap

system/dev/dn-lap/default.nix

@@ -6,6 +6,7 @@
   imports = [
     ./hardware-configuration.nix
     ./boot.nix
+    ./sops-conf.nix
     ../../modules/presets/basic.nix
     ../../modules/gaming.nix
     ../../modules/virtualization.nix

system/dev/dn-lap/secret.yaml

@@ -0,0 +1,22 @@
+wireguard:
+    conf: ENC[AES256_GCM,data:GKUlc2K+pJCZHrasZtC/ql8ojYOyIqquOa6gTD3BycvCIU62OO0X0Zi1XW858AzQokHNd3vE+m18XPk1/am5I9FBc0+vGlVctNZgcPLKYObsxF40aZU+NU+Ip1wjNP/V6t0zyt6ur7R7Si9HePhZZqDEpdyBzR2Jjl8DrfC9NiRTVQaHw1D72yjwOGZCkeY7n8PRW9wW9UkzuJNmFHDxF4nUaeP3k3fpfLFEOVyyjvy8Ba995tVWOfJgkMng57VgIr36jzMXWlkpSTB06wWEIfgVpbQpzkFyxWwA4sxhMJfp4JvO3IvzUvkGn3W14Z/SVcg5km7q5aXff9m1/Srn,iv:Oxa377J9Wufm036iFcm+RvitNiWWNPXmUrm9BwrUfBo=,tag:kM4PR/u+j1RkET2Z7FTIPA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ankwMFc5R3lRK2svRzBL
+            VVRUMjNRYisyRTNxM1hHeDNsbGVGT2hFUkEwCkpoVWR4MXVuWlJpZEt3eGJiYm5t
+            SUZubUJqSUEwNnk1K1RsWFVucmFoVEkKLS0tIFd1TitJMHNxc2xwWCtwWnJSWWhN
+            SnFxQ2Z0MVZ6Nm5oRy96TjFKR0Y3dEkKsT9FjBvrjUZCAx0XKb5Vj5I7VsJixdtf
+            LTNIAxt20mkyuddr6AaFFN8xsjz0TlwEQRgSGAmm3As2KGKohduMsQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-04-22T05:44:47Z"
+    mac: ENC[AES256_GCM,data:DODaAnKe5ExNhXxfOq874bXGy44A3aw+KWnpeDr3OAbocVMvM0uE55r0x9JEbMakVWiDZq0SCP2K6XiTT74hX90tmwvl8jr9HYqAqscOZ75mRfc2NmZJRWuxJj6nA0U+4/A6dm2ftSXP09rH/WjKGpLObLbpOKQledM+U5Ggzjo=,iv:WEhgMOX+L471+ZrBicoBsJAlTxLl9Nc608SPJ3p6XpY=,tag:e/eKKmy4Z8+mC9Ixg0X6+A==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4

system/dev/dn-lap/sops-conf.nix

@@ -0,0 +1,7 @@
+{
+  sops = {
+    secrets = {
+      "wireguard/conf" = { };
+    };
+  };
+}

system/dev/dn-pre7780/default.nix

@@ -12,6 +12,7 @@
     })
     ./hardware-configuration.nix
     ./boot.nix
+    ./sops-conf.nix
     ../../modules/presets/basic.nix
     ../../modules/cuda.nix
     ../../modules/gaming.nix

system/dev/dn-pre7780/sops-conf.nix

@@ -0,0 +1,7 @@
+{
+  sops = {
+    secrets = {
+      "wireguard/conf" = { };
+    };
+  };
+}

system/dev/dn-server/default.nix

@@ -11,6 +11,7 @@
       intel-bus-id = settings.nvidia.intel-bus-id;
       nvidia-bus-id = settings.nvidia.nvidia-bus-id;
     })
+    ./sops-conf.nix
     ./boot.nix
     ./hardware-configuration.nix
     ./networking.nix

system/dev/dn-server/sops-conf.nix

@@ -0,0 +1,9 @@
+{
+  sops = {
+    secrets = {
+      "wireguard/privateKey" = { };
+      "nextcloud/adminPassword" = { };
+      "step_ca/password" = { };
+    };
+  };
+}

system/modules/sops-nix.nix

@@ -10,13 +10,6 @@ in
     age = {
       keyFile = ageKeyFile;
     };
-
-    secrets = {
-      "wireguard/privateKey" = { };
-      "wireguard/conf" = { };
-      "nextcloud/adminPassword" = { };
-      "step_ca/password" = { };
-    };
   };
 
   environment.variables = {