loptland: move to separate secrets file

.sops.yaml

@@ -5,3 +5,13 @@ creation_rules:
     key_groups: 
     - age:
       - *primary
+
+  - path_regex: secrets/secrets-yggdrasil.yaml$
+    key_groups: 
+    - age:
+      - *primary
+      
+  - path_regex: secrets/secrets-loptland.yaml$
+    key_groups: 
+    - age:
+      - *primary

modules/nixos/services/factorio-server/default.nix

@@ -8,25 +8,33 @@
 with lib.${namespace};
 let
   cfg = config.${namespace}.services.factorio-server;
-  inherit (lib) mkIf mkEnableOption;
+  inherit (lib) mkIf mkOption mkEnableOption;
 in
 {
   options.${namespace}.services.factorio-server = {
     enable = mkEnableOption "Enable Factorio Headless Server";
+    sopsFile = mkOption {
+      type = lib.types.path;
+      default = lib.snowfall.fs.get-file "secrets/secrets.yaml";
+      description = "SecretFile";
+    };
   };
 
   config = mkIf cfg.enable {
-    environment.systemPackages = with pkgs; [ pkgs.factorio-headless ];
+    environment.systemPackages = [ pkgs.factorio-headless ];
     sops = {
       secrets = {
         factorio_token = {
           restartUnits = [ "factorio.service" ];
+          inherit sopsFile;
         };
         factorio_username = {
           restartUnits = [ "factorio.service" ];
+          inherit sopsFile;
         };
         factorio_game_password = {
           restartUnits = [ "factorio.service" ];
+          inherit sopsFile;
         };
       };
       templates."extraSettingsFile.json".content = ''

secrets/secrets-loptland.yaml

@@ -0,0 +1,24 @@
+#ENC[AES256_GCM,data:DhmsYsRs9ig5,iv:waUaAhcSgeolFkC2z3W8aGObT3Gp/oavdFfsEUVJoco=,tag:3nVYMqj+EvOz75b8KSm/8Q==,type:comment]
+factorio_username: ENC[AES256_GCM,data:egV5kXtAiw==,iv:Hay0PC2yol5FAJGcWxLkxzNdwpD1V4UfDDnkhsjvjVQ=,tag:QBDS6eAeOswQoHBoi4Gj6A==,type:str]
+factorio_token: ENC[AES256_GCM,data:whruEJQCNIqqfMA0A3yQdwwrzpIJBt815Lvex4Au,iv:hh3zZt+UxV9ltSHIAjpTRwtDvPgPU5APrB/1bXtKUkE=,tag:AgUmBYWp+Oyxm8O7yD8vlA==,type:str]
+factorio_game_password: ENC[AES256_GCM,data:Gu/p0+Sbd6Y=,iv:6AB1T3JdleiUnusU7hw/0wOFNSBsAsBgP2yD9FB7zXk=,tag:DMgD4csthynuBon+KNZtOw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1amdd4hu6k0czf3mtlhd03yj3yzkdaynl7q5fdlqmjzpe9pwgxfjs3j0c85
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3NFlTd2hOTHBtUDhuT0lF
+            amtLclY2ZTN0SStZQjFSNkZUd1RmMkdJZ0dJCnB2WU04dk41Qk45aGphMW9GQVJ4
+            b2VWQVlOVFFLaGJWaU9FVU5ZUWtlRncKLS0tIGVPYW5DQnJMeW1qdWtINDNlQWFo
+            NmhrdXhpbVlmUFNsT1VaQjZyYkZkdzgKhL2BKXfPWNWUbFavpmtBQpnNEm/x0xH6
+            NsjiV05AcrqPmGjj2kjvTv4ULPSoHiHiC5McUMfFTYIrCJgNvUbmMg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-06T13:41:52Z"
+    mac: ENC[AES256_GCM,data:Z/CkDDYJQgYasgaXiIZy+Tr5Z8DjlkLg9XxmrC2cvHABpc5g6mxxSrSYG9DforI2hHvpmz5qPZQ1ztCSft9iPetFGPuWGzCNgvp9CUfMfG7sMAF/+/vEYbgU8plNMHuEAAsfsaZA4HUbM3qHEwQdXmJ6bF+AbPGuMt4z4mSuLQA=,iv:59RdAFi1SpgF3WhDFGxjCmSumn5uxgJCPGpcFJiLhzQ=,tag:mtngOX1rM1zx+VKgaZeX3g==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1

systems/x86_64-linux/loptland/default.nix

@@ -31,7 +31,10 @@ in
     };
 
     services = {
-      factorio-server = enabled;
+      factorio-server = {
+        enable = true;
+        sopsFile = lib.snowfall.fs.get-file "secrets/secrets-loptland.yaml";
+      };
     };
 
     user.trustedPublicKeys = [