some cleanup

flake.nix

@@ -36,7 +36,7 @@
 
       specialArgs = rec {
         inherit inputs lib';
-        var = (lib'.walk-dir ./var)._map (f: import f { inherit lib var; });
+        var = import ./var { inherit lib; };
         secrets = lib'.walk-dir ./secrets;
       };
       overlays = _: {

lib.nix

@@ -1,7 +1,7 @@
 { lib, ... }:
 with builtins;
-let
+rec {
-  walk-dir-inner =
+  walk-dir =
     path:
     let
       dir = readDir path;
@@ -12,18 +12,8 @@ let
         if value == "regular" then
           path + "/${filename}"
         else if value == "directory" then
-          walk-dir-inner (path + "/${filename}")
+          walk-dir (path + "/${filename}")
         else
           throw "Items of type ${value} are unsupported.";
     }) dir;
-
-  helper-attrs = subpaths: {
-    _map = f: lib.mapAttrsRecursive (_: f) subpaths;
-  };
-
-  with-helper-attrs =
-    x: if isAttrs x then lib.mapAttrs (_: with-helper-attrs) x // helper-attrs x else x;
-in
-{
-  walk-dir = p: with-helper-attrs (walk-dir-inner p);
 }

secrets.nix

@@ -1,9 +1,7 @@
 let
-  keys =
+  pkgs = import <nixpkgs> { };
-    let
+  inherit (pkgs) lib;
-      k = import ./var/ssh-keys.nix { };
+  keys = (import ./var { inherit lib; }).ssh-keys.root;
-    in
-    k.root; # ++ k.hd;
   secrets = [
     "roam/rclone-conf"
     "hd-password"

secrets/hd-password.age

@@ -1,10 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 ydxpSQ M0sDsl0um+whNdnXrl5RMp8BAXdVe1n8K41L6HXizG4
+-> ssh-ed25519 ydxpSQ NpAWr39/EtAvLrm1ZAA7r4Cx2G4axqVCmBXDupKWyHI
-hIV5u4+ZPujJsNwet9UC2wnAFgpFe+b4BGtsNhah/34
+jtH6IB4w4oQiSyQ22YYQvHXn2BIpCxVKw+dj5VQ+RIg
--> ssh-ed25519 gbs8eg lNj3bYYZXf28MzvjOJ052zOg7xOROf3MjUWR35ZJfWw
+-> ssh-ed25519 gbs8eg iXE23gxJJlJhoV5/vc3P/xM8l5poODWZt9cmu027SSM
-Pxqa+IqRVAhoJdV/Muzt74rfoYBxE4YLh7y8KWwHaG0
+OqRXi1L4yRG6b5MU8L12m7GHpKK7L6QXallzYBe971M
--> ssh-ed25519 FTMbvw 7deJR8NLmOWT/RKUa+JbdZ7KYcLNqYxuYS9y/eOYoE8
+-> ssh-ed25519 FTMbvw NE+q2JXrQjuqt4Q5KRh5/s53xoz/gcx9k/QzYk1NUmU
-haM8XoJVYTUVEEEuMbCdQxuOeZZT8ILtaGWG/uRDo+0
+un55OQzaIA5XDsU8AukomS3gyJvEtuspxRvumqZd74w
---- MKr7VcEMTYpu+gNelWf7vIZvU/TpyH/N61shLABcitA
+--- tXcyFIzu77Mm0VIygP1slKtqsJQk3arctl2LimSkNbA
- Ïº›aÐ̓UJm!yëa÷Ù<C3B7>ÎŒnxŒ<78>E8ù·KwŸŒ*	Z%MV:‚ò¬™¥’ A•ÖšK<C5A1>;ñÔï&™ì
+<EFBFBD>5"mÜþÉnÄÐU¨¾6T‡YÁÇÓ{"29¸	|¿è^0ÁúlãÁFÄáT'ÌŒ&—DÈ0LóiêGŠL#':’±÷NËä÷N–A/}øþ§Àá'2,±7(þÉØtšHÄA aR•–ÛK
-¾~GÞÂ;ÑéjyõJ[ø<>6à´zKñ›×/4Ò²·?<3F>¦ñ

var/default.nix

@@ -0,0 +1,11 @@
+{ lib, ... }@inp:
+let
+  files = [
+    "lan-dns"
+    "ssh-keys"
+    "wg"
+  ];
+  import_file = name: { ${name} = import ./${name}.nix (inp // { inherit var; }); };
+  var = lib.foldl' (a: b: a // b) { } (map import_file files);
+in
+var

var/ssh-keys.nix

@@ -1,16 +1,17 @@
-_: rec {
+{ lib, ... }:
-  # this is only used for forcing password entry on colmena apply
+let
-  root-by-host = {
+  mkKeys = k: { by-host = k; } // builtins.mapAttrs (_: lib.attrValues) k;
-    "solo" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsl8pLaGeCL3kacGWf8pzoLQr501ga/2OzvI2wWbTZJ";
+in
-    "c2" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAZaswaiA+oQ9NviADYFf7BJQHNlmdxQuocIdoJmv3o";
-    "roam" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID++uLcQOx/to3sEo5Nk97CenGf0Y6/dMsBbLouVTgIQ";
-  };
-  root = builtins.attrValues root-by-host;
 
-  hd-by-host = {
+mkKeys {
+  hd = {
     "solo" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEG+dd4m98aKEWfFa/7VZUlJNX0axvIlHVihT8w7RLyY";
     "c2" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIsoj2+esEebRwDV2PuNRt9Vz28oolOy+Hc2THwrWTAB";
     "roam" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDlh8hY01wwmNtfa1eK3mVBIcytdh4n/kV05gP9z1Lc";
   };
-  hd = builtins.attrValues hd-by-host;
+  root = {
+    "solo" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsl8pLaGeCL3kacGWf8pzoLQr501ga/2OzvI2wWbTZJ";
+    "c2" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAZaswaiA+oQ9NviADYFf7BJQHNlmdxQuocIdoJmv3o";
+    "roam" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID++uLcQOx/to3sEo5Nk97CenGf0Y6/dMsBbLouVTgIQ";
+  };
 }