wip: secrets

home/modules/anki/default.nix

@@ -4,13 +4,19 @@
   pkgs,
   myUtils,
   osConfig ? null,
+  inputs ? null,
   ...
 }:
 
 let
   sops = myUtils.sopsAvailability config osConfig;
+  standalone = osConfig == null;
 in
 {
+  sops.secrets = lib.mkIf standalone (
+    myUtils.mkSopsSecrets "${toString inputs.nix-secrets}/secrets" "anki" [ "sync-user" "sync-key" ] { }
+  );
+
   warnings = lib.optional (
     !sops.available && config.programs.anki.enable
   ) "anki is enabled but sops secrets are not available. anki sync will not be configured.";
@@ -24,8 +30,8 @@ in
       review-heatmap
     ];
     profiles."User 1".sync = lib.mkIf sops.available {
-      usernameFile = "${sops.secrets."anki-sync-user".path}";
-      keyFile = "${sops.secrets."anki-sync-key".path}";
+      usernameFile = "${sops.secrets."anki/sync-user".path}";
+      keyFile = "${sops.secrets."anki/sync-key".path}";
     };
   };
 }

home/modules/taskwarrior/default.nix

@@ -5,13 +5,31 @@
   dotsPath,
   myUtils,
   osConfig ? null,
+  inputs ? null,
   ...
 }:
 
 let
   sops = myUtils.sopsAvailability config osConfig;
+  standalone = osConfig == null;
 in
 {
+  sops = lib.mkIf standalone {
+    secrets = myUtils.mkSopsSecrets "${toString inputs.nix-secrets}/secrets" "taskwarrior" [
+      "sync-server-url"
+      "sync-server-client-id"
+      "sync-encryption-secret"
+    ] { };
+
+    templates."taskrc.d/sync" = {
+      content = ''
+        sync.server.url=${config.sops.placeholder."taskwarrior/sync-server-url"}
+        sync.server.client_id=${config.sops.placeholder."taskwarrior/sync-server-client-id"}
+        sync.encryption_secret=${config.sops.placeholder."taskwarrior/sync-encryption-secret"}
+      '';
+    };
+  };
+
   warnings =
     lib.optional (!sops.available && config.programs.taskwarrior.enable)
       "taskwarrior is enabled, but sops templates are not available. taskwarrior sync will not be configured.";