systems+modules: add secretsDir specialArg

2 files changed, 6 insertions, 5 deletions

diff --git a/modules/nixos/services/cloudflared.nix b/modules/nixos/services/cloudflared.nix
index 30aa36b..39ecef7 100644
--- a/modules/nixos/services/cloudflared.nix
+++ b/modules/nixos/services/cloudflared.nix
@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  secretsDir,
   ...
 }: let
   cfg = config.server.services.cloudflared;
@@ -12,7 +13,7 @@ in {
 
   config = mkIf cfg.enable {
     age.secrets.cloudflaredCreds = {
-      file = ../../../secrets/${config.networking.hostName}/cloudflaredCreds.age;
+      file = secretsDir + "/cloudflaredCreds.age";
       mode = "400";
       owner = "cloudflared";
       group = "cloudflared";
diff --git a/modules/nixos/services/hercules.nix b/modules/nixos/services/hercules.nix
index 0060c08..c394da0 100644
--- a/modules/nixos/services/hercules.nix
+++ b/modules/nixos/services/hercules.nix
@@ -2,12 +2,12 @@
   config,
   lib,
   unstable,
+  secretsDir,
   ...
 }: let
   cfg = config.server.services.hercules-ci;
   inherit (lib) mkEnableOption mkIf;
 
-  baseDir = ../../../secrets/${config.networking.hostName};
   hercArgs = {
     mode = "400";
     owner = "hercules-ci-agent";
@@ -23,19 +23,19 @@ in {
     age.secrets = mkIf cfg.secrets.enable {
       binaryCache =
         {
-          file = "${baseDir}/binaryCache.age";
+          file = secretsDir + "/binaryCache.age";
         }
         // hercArgs;
 
       clusterToken =
         {
-          file = "${baseDir}/clusterToken.age";
+          file = secretsDir + "/clusterToken.age";
         }
         // hercArgs;
 
       secretsJson =
         {
-          file = "${baseDir}/secretsJson.age";
+          file = secretsDir + "/secretsJson.age";
         }
         // hercArgs;
     };