5 files changed, 25 insertions, 37 deletions

diff --git a/profiles/core/secrets.nix b/profiles/core/secrets.nix
index fc11563..f0897be 100644
--- a/profiles/core/secrets.nix
+++ b/profiles/core/secrets.nix
@@ -1,4 +1,20 @@
-{machine,inputs,config,lib,pkgs,...}: with lib; {
+{machine,inputs,config,lib,pkgs,...}: with lib;
+let
+  getSecrets = dir:
+    mapAttrs' (name: _: let
+      parts = splitString "." name;
+      base = head parts;
+      format = if length parts > 1 then elemAt parts 1 else "binary";
+    in nameValuePair base {
+      sopsFile = "${dir}/${name}";
+      inherit format;
+      key = machine.hostname;
+    }) (if (filesystem.pathIsDirectory dir) then
+         (filterAttrs (n: v: v != "directory") (builtins.readDir dir))
+        else
+        {});
+in
+{
   imports = [
     inputs.sops-nix.nixosModules.sops
     (mkAliasOptionModule [ "secrets" ] [ "sops" "secrets" ]) # TODO: get my username(s) from machine config
@@ -7,19 +23,11 @@
     age.sshKeyPaths = [];
     age.keyFile = mkIf (machine.hostname == "lemptop") "${config.hm.xdg.configHome}/sops/age/keys.txt";
 
-    secrets = mapAttrs' (name: _: let
-      parts = splitString "." name;
-      base = head parts;
-      format = if length parts > 1 then elemAt parts 1 else "binary";
-    in
-       {
-           name = base;
-           value = {
-               sopsFile = "${inputs.self}/secrets/${name}";
-               inherit format;
-               key = machine.hostname;
-           };
-    }) (builtins.readDir "${inputs.self}/secrets"); # keep it out of the store
+    secrets = attrsets.mergeAttrsList
+        [
+            (getSecrets "${inputs.self}/secrets")
+            (getSecrets "${inputs.self}/secrets/${machine.hostname}")
+        ];
   };
 
   environment = {
diff --git a/profiles/email/gmail.nix b/profiles/email/gmail.nix
index 6f2f7df..1a8381e 100644
--- a/profiles/email/gmail.nix
+++ b/profiles/email/gmail.nix
@@ -92,7 +92,7 @@
                   Inbox = { farPattern = "INBOX"; nearPattern = "INBOX"; extraConfig = { Create = "Near"; Expunge = "Both"; }; };
                   Archive = { farPattern = "[Gmail]/All Mail"; nearPattern = "Archive"; extraConfig = { Create = "Near"; Expunge = "Both"; }; };
                   Spam = { farPattern = "[Gmail]/Spam"; nearPattern = "Spam"; extraConfig = { Create = "Near"; Expunge = "Both"; }; };
-                  Trash = { farPattern = "[Gmail]/Bin"; nearPattern = "Trash"; extraConfig = { Create = "Near"; Expunge = "Both"; }; };
+                  Trash = { farPattern = "[Gmail]/Trash"; nearPattern = "Trash"; extraConfig = { Create = "Near"; Expunge = "Both"; }; };
                   Important = { farPattern = "[Gmail]/Important"; nearPattern = "Important"; extraConfig = { Create = "Near"; Expunge = "Both"; }; };
                   Sent = { farPattern = "[Gmail]/Sent Mail"; nearPattern = "Sent"; extraConfig = { Create = "Near"; Expunge = "Both"; }; };
                   FarDrafts = { farPattern = "[Gmail]/Drafts"; nearPattern = "FarDrafts"; extraConfig = { Create = "Near"; Expunge = "Both"; }; };
diff --git a/profiles/station/music.nix b/profiles/station/music.nix
index 80e0a51..b26a2ee 100644
--- a/profiles/station/music.nix
+++ b/profiles/station/music.nix
@@ -83,8 +83,8 @@
             progressbar_elapsed_color = "blue:b";
             statusbar_color = "red";
             statusbar_time_color = "cyan:b";
-            execute_on_song_change="pkill -RTMIN+11 dwmblocks";
-            execute_on_player_state_change="pkill -RTMIN+11 dwmblocks";
+            execute_on_song_change=''"pkill -RTMIN+11 dwmblocks"'';
+            execute_on_player_state_change=''"pkill -RTMIN+11 dwmblocks"'';
         };
     };
 }
diff --git a/secrets/hello b/secrets/hello
deleted file mode 100644
index 27b3a95..0000000
--- a/secrets/hello
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:iZxyYQ6u7mUWk/1dr5bK09ko95QAJd3OTyZo/CT4HXSueFyHfo8fL8DDQNUSGMA=,iv:vSwpBRPCedBslzaqdeFun9YP9uHtFqsz44lU2mNd8yU=,tag:EE+4AsotaE2HBKB7ADwzqw==,type:str]",
-	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": [
-			{
-				"recipient": "age10q9wse8dh0749ffj576q775q496pycucxlla9rjdq5rd7f4csyhqqrmkk0",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbTNCUUI1UXBVRDJKVWRC\ndDgwRys5V1pZYm9IaGNBVUJpdldNK0gyWHo4CmF4VTRLTnRhVGErSGVnZGdNUUl4\nN1pVYWFPaThZdC94Y3ByaytRUnpxdTAKLS0tIGZJbktoMVp4bDBTSFVOWnpOOTlS\nSXJjeUNkZjVuQmdJdmtBa2N6UnMrNVkKpqPVSJud8ccgtYQc5mkhD3x4zMB+Sw8N\nJ6TxxGWt9tmwPb03Hy1BbeasmN93hA60tTF29WiAzcAiMBk+4o4IyQ==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2023-10-16T19:06:39Z",
-		"mac": "ENC[AES256_GCM,data:OnCstF0Kch19iTjg/mlMR96UEJKkMSW9xL3weNR2P+h8TmaredEzOjxRVtX8yWevQ3NH0+EEnasjhwSQJ85slUMZoCrNK8xG3Z+Is3ey+1rahskJ20e9UJ6AMP3mwjPNfW2nLVjjikbnRirw4cG151vqTCbkC+FLNaSVi3K1H+g=,iv:Pcq6sq9gpTPW1wy6helri73jpmkvhdm/Et/rzLn9vxU=,tag:cabq18p9PHkeRQVdGv8BdQ==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.7.3"
-	}
-}
\ No newline at end of file
diff --git a/secrets/mopidy.yaml b/secrets/lemptop/mopidy.yaml
index 2f38ee3..2f38ee3 100644
--- a/secrets/mopidy.yaml
+++ b/secrets/lemptop/mopidy.yaml