Diffstat (limited to 'lib/secrets/default.nix')
-rw-r--r-- | lib/secrets/default.nix | 92 |
1 files changed, 0 insertions, 92 deletions
diff --git a/lib/secrets/default.nix b/lib/secrets/default.nix
deleted file mode 100644
index 3c2da95..0000000
--- a/lib/secrets/default.nix
+++ /dev/null
@@ -1,92 +0,0 @@
-{ pkgs, config, lib, metadata, ... }:
-
-with lib;
-
-let
- cfg = config.my.secrets;
-
- secret = types.submodule {
- options = {
- source = mkOption {
- type = types.path;
- description = "local secret path";
- };
-
- dest = mkOption {
- type = types.str;
- description = "where to write the decrypted secret to";
- };
-
- owner = mkOption {
- default = "root";
- type = types.str;
- description = "who should own the secret";
- };
-
- group = mkOption {
- default = "root";
- type = types.str;
- description = "what group should own the secret";
- };
-
- permissions = mkOption {
- default = "0400";
- type = types.str;
- description = "Permissions expressed as octal.";
- };
- };
- };
-
- mkSecretOnDisk = name:
- { source, ... }:
- pkgs.stdenv.mkDerivation {
- name = "${name}-secret";
- phases = "installPhase";
- buildInputs = [ pkgs.rage ];
- installPhase =
- let
- key = metadata.hosts."${config.networking.hostName}".sshPubKey;
- in
- ''
- rage -a -r '${key}' -o "$out" '${source}'
- '';
- };
-
- mkService = name:
- { source, dest, owner, group, permissions, ... }: {
- description = "decrypt secret for ${name}";
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig.Type = "oneshot";
-
- script = with pkgs; ''
- rm -rf ${dest}
- "${rage}"/bin/rage -d -i /etc/ssh/ssh_host_ed25519_key -o '${dest}' '${
- mkSecretOnDisk name { inherit source; }
- }'
-
- chown '${owner}':'${group}' '${dest}'
- chmod '${permissions}' '${dest}'
- '';
- };
-in
-{
- options.my.secrets = mkOption {
- type = types.attrsOf secret;
- description = "secret configuration";
- default = { };
- };
-
- config = mkIf (cfg != []) {
- systemd.services =
- let
- units = mapAttrs'
- (name: info: {
- name = "${name}-key";
- value = (mkService name info);
- })
- cfg;
- in
- units;
- };
-} |