modules: secrets: move wireguard keys

This is a bit special, as some of the keys do not belong to NixOS hosts,
so store those in the module itself, and into host-specific directories
for the keys that are NixOS hosts.

hosts/nixos/aramis/secrets/secrets.nix

@@ -9,5 +9,5 @@ let
   ];
 in
 {
-  # Add secrets here
+  "wireguard/private-key.age".publicKeys = all;
 }

hosts/nixos/porthos/secrets/secrets.nix

@@ -59,6 +59,8 @@ in
 
   "transmission/credentials.age".publicKeys = all;
 
+  "wireguard/private-key.age".publicKeys = all;
+
   "woodpecker/gitea.age".publicKeys = all;
   "woodpecker/secret.age".publicKeys = all;
   "woodpecker/ssh/private-key.age".publicKeys = all;

modules/secrets/secrets.nix

@@ -7,9 +7,4 @@ in
 {
   "users/ambroisie/hashed-password.age".publicKeys = all;
   "users/root/hashed-password.age".publicKeys = all;
-
-  "wireguard/aramis/private-key.age".publicKeys = all;
-  "wireguard/milady/private-key.age".publicKeys = all;
-  "wireguard/porthos/private-key.age".publicKeys = all;
-  "wireguard/richelieu/private-key.age".publicKeys = all;
 }

modules/services/wireguard/default.nix

@@ -12,7 +12,7 @@ let
     let
       mkPeer = name: attrs: {
         inherit (attrs) clientNum publicKey;
-        privateKeyFile = secrets."wireguard/${name}/private-key".path;
+        privateKeyFile = secrets."wireguard/private-key".path;
       } // lib.optionalAttrs (attrs ? externalIp) {
         inherit (attrs) externalIp;
       };

modules/services/wireguard/keys/secrets.nix

@@ -0,0 +1,15 @@
+# Extra wireguard keys that are not hosts NixOS hosts
+let
+  keys = import ../../../../keys;
+
+  all = [
+    keys.users.ambroisie
+  ];
+in
+{
+  # Sarah's iPhone
+  "milady/private-key.age".publicKeys = all;
+
+  # My Android phone
+  "richelieu/private-key.age".publicKeys = all;
+}