feat: kw -> nixfiles, kw.secrets -> secrets

devShell.nix

@@ -46,7 +46,7 @@ pkgs.mkShell {
     nf-update
     sumireko-apply
   ] ++ config.runners.lazy.nativeBuildInputs
-   ++ lib.optional (builtins.getEnv "TRUSTED" != "") (pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.all.${builtins.getEnv "HOME_HOSTNAME"}.kw.secrets.repo.bitw.source} "$@"'')
+   ++ lib.optional (builtins.getEnv "TRUSTED" != "") (pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.all.${builtins.getEnv "HOME_HOSTNAME"}.secrets.repo.bitw.source} "$@"'')
   ++ (map
     (node: writeShellScriptBin "${node.networking.hostName}-sd-img" ''
       nix build -f . network.nodes.${node.networking.hostName}.system.build.sdImage --show-trace

hardware/oracle/common.nix

@@ -1,9 +1,9 @@
-{ config, tf, meta, kw, pkgs, lib, inputs, ... }:  let
+{ config, tf, meta, nixfiles, pkgs, lib, inputs, ... }:  let
   oci-root = meta.deploy.targets.oci-root.tf;
-  cfg = config.kw.oci;
+  cfg = config.nixfiles.oci;
 in
 {
-  options.kw.oci = {
+  options.nixfiles.oci = {
     base = lib.mkOption {
       description = ''
         Canonical Ubuntu provides an EXT4 root filesystem.
@@ -86,19 +86,19 @@ in
           interfaces = lib.singleton interface;
           ipv4 = lib.mkOrder 1000 (tf.resources.${config.networking.hostName}.getAttr "public_ip");
           ipv6 = let
-            prefix = lib.head (lib.splitString "/" (oci-root.resources.oci_kw_subnet.importAttr "ipv6cidr_block"));
+            prefix = lib.head (lib.splitString "/" (oci-root.resources.oci_nixfiles_subnet.importAttr "ipv6cidr_block"));
-          in assert lib.hasSuffix "::" prefix; prefix + toString config.kw.oci.network.publicV6;
+          in assert lib.hasSuffix "::" prefix; prefix + toString config.nixfiles.oci.network.publicV6;
           ip = hostname: class: if hostname != config.networking.hostName then
               if class == 6 then let
-                  prefix = lib.head (lib.splitString "/" (oci-root.resources.oci_kw_subnet.importAttr "ipv6cidr_block"));
+                  prefix = lib.head (lib.splitString "/" (oci-root.resources.oci_nixfiles_subnet.importAttr "ipv6cidr_block"));
-                in assert lib.hasSuffix "::" prefix; prefix + toString config.kw.oci.network.publicV6
+                in assert lib.hasSuffix "::" prefix; prefix + toString config.nixfiles.oci.network.publicV6
               else if class == 4 then
                 tf.resources.${config.networking.hostName}.importAttr "public_ip"
                 else throw "${config.networking.hostName}: IP for ${hostname} of ${toString class} is invalid."
             else
               if class == 6 then let
-                  prefix = lib.head (lib.splitString "/" (oci-root.resources.oci_kw_subnet.importAttr "ipv6cidr_block"));
+                  prefix = lib.head (lib.splitString "/" (oci-root.resources.oci_nixfiles_subnet.importAttr "ipv6cidr_block"));
-                in assert lib.hasSuffix "::" prefix; prefix + toString config.kw.oci.network.publicV6
+                in assert lib.hasSuffix "::" prefix; prefix + toString config.nixfiles.oci.network.publicV6
               else if class == 4 then
                 tf.resources.${config.networking.hostName}.getAttr "public_ip"
                 else throw "${config.networking.hostName}: IP for ${hostname} of ${toString class} is invalid.";
@@ -111,7 +111,7 @@ in
 
       deploy.tf =
         let
-          compartment_id = oci-root.resources.oci_kw_compartment.importAttr "id";
+          compartment_id = oci-root.resources.oci_nixfiles_compartment.importAttr "id";
           inherit (tf.lib.tf) terraformExpr;
         in
         {
@@ -127,10 +127,10 @@ in
           providers.oci = {
             inputs = {
               tenancy_ocid = oci-root.outputs.oci_tenancy.import;
-              user_ocid = oci-root.resources.oci_kw_user.importAttr "id";
+              user_ocid = oci-root.resources.oci_nixfiles_user.importAttr "id";
-              fingerprint = oci-root.resources.oci_kw_apikey.importAttr "fingerprint";
+              fingerprint = oci-root.resources.oci_nixfiles_apikey.importAttr "fingerprint";
               region = oci-root.outputs.oci_region.import;
-              private_key_path = oci-root.resources.oci_kw_key_file.importAttr "filename";
+              private_key_path = oci-root.resources.oci_nixfiles_key_file.importAttr "filename";
             };
           };
           resources = lib.mkMerge [{
@@ -183,7 +183,7 @@ in
               inputs = {
                 vnic_id = tf.resources."${config.networking.hostName}_vnic".refAttr "vnic_attachments[0].vnic_id";
                 display_name = config.networking.hostName;
-                ip_address = terraformExpr ''cidrhost("${oci-root.resources.oci_kw_subnet.importAttr "ipv6cidr_block"}", ${toString cfg.network.publicV6})'';
+                ip_address = terraformExpr ''cidrhost("${oci-root.resources.oci_nixfiles_subnet.importAttr "ipv6cidr_block"}", ${toString cfg.network.publicV6})'';
               };
             };
             "${config.networking.hostName}" = {
@@ -209,8 +209,8 @@ in
                 create_vnic_details = [
                   {
                     assign_public_ip = true;
-                    subnet_id = oci-root.resources.oci_kw_subnet.importAttr "id";
+                    subnet_id = oci-root.resources.oci_nixfiles_subnet.importAttr "id";
-                    private_ip = terraformExpr ''cidrhost("${oci-root.resources.oci_kw_subnet.importAttr "cidr_block"}", ${toString cfg.network.privateV4})'';
+                    private_ip = terraformExpr ''cidrhost("${oci-root.resources.oci_nixfiles_subnet.importAttr "cidr_block"}", ${toString cfg.network.privateV4})'';
                     nsg_ids = [
                       (tf.resources.firewall_group.refAttr "id")
                     ];

hardware/oracle/default.nix

@@ -2,14 +2,14 @@
   profiles = tree.prev;
   appendedProfiles = with profiles; {
     ubuntu = { config, ... }: {
-      kw.oci.base = "Canonical Ubuntu";
+      nixfiles.oci.base = "Canonical Ubuntu";
       imports = with import (inputs.tf-nix + "/modules"); [
         nixos.ubuntu-linux
         common
       ];
     };
     oracle = { config, ... }: {
-      kw.oci.base = "Oracle Linux";
+      nixfiles.oci.base = "Oracle Linux";
       imports = with import (inputs.tf-nix + "/modules"); [
         nixos.oracle-linux
         common

hardware/wifi.nix

@@ -4,7 +4,7 @@ let
   inherit (lib.attrsets) mapListToAttrs nameValuePair;
   inherit (lib.modules) mkIf;
 in {
-  kw.secrets.variables = mapListToAttrs
+  secrets.variables = mapListToAttrs
     (field:
       nameValuePair "wireless-${field}" {
         path = "secrets/wifi";

home/base16.nix

@@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 
 {
-	kw.theme.enable = true;
+	nixfiles.theme.enable = true;
 
 	base16 = {
 		vim.enable = false;

home/firefox/default.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, nixos, kw, ... }:
+{ config, lib, pkgs, nixos, nixfiles, ... }:
 
 let
   inherit (lib.strings) toLower;
@@ -108,7 +108,7 @@ let
   };
 in
 {
-  home.file.".mozilla/tst.css" = { inherit (kw.sassTemplate { name = "tst"; src = ./tst.sass; }) source; };
+  home.file.".mozilla/tst.css" = { inherit (nixfiles.sassTemplate { name = "tst"; src = ./tst.sass; }) source; };
 
   programs.zsh.shellAliases = {
     ff-pm = "firefox --ProfileManager";
@@ -133,7 +133,7 @@ in
         id = 0;
         isDefault = true;
         settings = commonSettings;
-        userChrome = (kw.sassTemplate { name = "userChrome"; src = ./userChrome.sass; }).text;
+        userChrome = (nixfiles.sassTemplate { name = "userChrome"; src = ./userChrome.sass; }).text;
       };
     };
   };

home/kitty.nix

@@ -6,7 +6,7 @@
   '';
   programs.kitty = {
     enable = true;
-    font.name = config.kw.theme.font.termName;
+    font.name = config.nixfiles.theme.font.termName;
     settings = {
       font_size = "10.0";
       bold_font = "auto";

home/mako.nix

@@ -1,7 +1,7 @@
 { config, pkgs, lib, witch, ... }:
 
 let
-  inherit (config.kw.theme) base16;
+  inherit (config.nixfiles.theme) base16;
 in
 {
   systemd.user.services = {
@@ -21,7 +21,7 @@ in
 
   programs.mako = {
     enable = true;
-    font = "${config.kw.theme.font.name} ${toString config.kw.theme.font.size}";
+    font = "${config.nixfiles.theme.font.name} ${toString config.nixfiles.theme.font.size}";
     defaultTimeout = 3000;
     borderColor = base16.base08;
     backgroundColor = "${base16.base00}BF";

home/services/weechat.nix

@@ -1,7 +1,7 @@
 { config, lib, nixos, pkgs, tf, ... }:
 
 {
-  kw.secrets.variables = {
+  secrets.variables = {
     matrix-pass = {
       path = "social/matrix";
       field = "password";

home/shell/bitw.nix

@@ -1,7 +1,7 @@
 { config, pkgs, meta, lib, ... }: {
   programs.rbw = {
     enable = true;
-    package = lib.mkIf (meta.trusted ? secrets) (pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.kw.secrets.repo.bitw.source} "$@"'');
+    package = lib.mkIf (meta.trusted ? secrets) (pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.secrets.repo.bitw.source} "$@"'');
     settings = {
       email = "kat@kittywit.ch";
       base_url = "https://vault.kittywit.ch";

home/sway.nix

@@ -12,7 +12,7 @@ let lockCommand = config.programs.swaylock.script; in
 
   services.i3gopher = { enable = true; };
 
-  kw.theme.swaylock = true;
+  nixfiles.theme.swaylock = true;
 
   programs.zsh.profileExtra = ''
     # If running from tty1 start sway
@@ -100,9 +100,9 @@ let lockCommand = config.programs.swaylock.script; in
             };
           };
           fonts = {
-            names = [ config.kw.theme.font.name ];
+            names = [ config.nixfiles.theme.font.name ];
             style = "Regular";
-            size = config.kw.theme.font.size;
+            size = config.nixfiles.theme.font.size;
           };
           terminal = "${pkgs.wezterm}/bin/wezterm";
           menu = "${pkgs.j4-dmenu-desktop}/bin/j4-dmenu-desktop --no-generic --dmenu=\"${dmenu}\" --term='${pkgs.wezterm}/bin/wezterm'";
@@ -265,7 +265,7 @@ let lockCommand = config.programs.swaylock.script; in
             "${cfg.modifier}+Delete" = ''mode "System (l) lock, (e) logout, (s) suspend, (h) hibernate, (r) reboot, (Shift+s) shutdown"'';
           };
 
-          colors = let inherit (config.kw.theme) base16; in
+          colors = let inherit (config.nixfiles.theme) base16; in
             {
               focused = {
                 border = base16.base01;

home/syncplay.nix

@@ -3,7 +3,7 @@
 let
   inherit (lib.modules) mkForce;
 in {
-  kw.secrets.variables = {
+  secrets.variables = {
     syncplay-pass = {
       path = "services/media/syncplay";
       field = "password";

home/waybar/default.nix

@@ -1,7 +1,7 @@
-{ config, lib, pkgs, kw, ... }:
+{ config, lib, pkgs, nixfiles, ... }:
 
 {
-	xdg.configFile."waybar/style.css" = { inherit (kw.sassTemplate { name = "waybar-style"; src = ./waybar.sass; }) source; };
+	xdg.configFile."waybar/style.css" = { inherit (nixfiles.sassTemplate { name = "waybar-style"; src = ./waybar.sass; }) source; };
 
 #systemd.user.services.waybar.Service.Environment = lib.singleton "NOTMUCH_CONFIG=${config.home.sessionVariables.NOTMUCH_CONFIG}";
 

home/wezterm.nix

@@ -10,8 +10,8 @@
 		return {
       check_for_updates = true,
 			enable_tab_bar = true,
-			font = wezterm.font "${config.kw.theme.font.termName}",
+			font = wezterm.font "${config.nixfiles.theme.font.termName}",
-			font_size = ${toString config.kw.theme.font.size},
+			font_size = ${toString config.nixfiles.theme.font.size},
 		}
 	'';
 }

home/wofi/default.nix

@@ -1,5 +1,5 @@
-{ config, kw, ... }:
+{ config, nixfiles, ... }:
 
 {
-  xdg.configFile."wofi/wofi.css" = { inherit (kw.sassTemplate { name = "wofi-style"; src = ./wofi.sass; }) source; };
+  xdg.configFile."wofi/wofi.css" = { inherit (nixfiles.sassTemplate { name = "wofi-style"; src = ./wofi.sass; }) source; };
 }

meta.nix

@@ -10,7 +10,7 @@
     esphomeNodes = (map
     (node: {
       network.nodes.esphome.${node} = {
-        imports = config.lib.kw.esphomeImport node;
+        imports = config.lib.nixfiles.esphomeImport node;
         esphome = {
           name = node;
         };
@@ -20,7 +20,7 @@
     nixosNodes = (map
     (node: {
       network.nodes.nixos.${node} = {
-        imports = config.lib.kw.nixosImport node;
+        imports = config.lib.nixfiles.nixosImport node;
         networking = {
           hostName = node;
         };
@@ -30,7 +30,7 @@
     darwinNodes = (map
     (node: {
       network.nodes.darwin.${node} = {
-        imports = config.lib.kw.darwinImport node;
+        imports = config.lib.nixfiles.darwinImport node;
         networking = {
           hostName = node;
         };

modules/esphome/deploy.nix

@@ -102,7 +102,9 @@ in {
         field = head (reverseList parts);
         path = if length parts > 1 then head parts else "password";
       in nameValuePair "${config.esphome.name}-secret-${name}" ({
-        value.shellCommand = "bitw get ${path} -f ${field}";
+        value.shellCommand = let
+          bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.all.${builtins.getEnv "HOME_HOSTNAME"}.secrets.repo.bitw.source} "$@"'';
+        in "${bitw}/bin/bitw get ${path} -f ${field}";
         type = "string";
         sensitive = true;
       })

modules/home/secrets.nix

@@ -1,43 +1,3 @@
-{ config, nixos, lib, ... }:
+{ config, nixos, ... }: {
-
+  secrets.repo = nixos.secrets.repo;
-with lib;
-
-let
-  secretType = types.submodule ({ name, ... }: {
-    options = {
-      path = mkOption { type = types.str; };
-      field = mkOption {
-        type = types.str;
-        default = "";
-      };
-    };
-  });
-  repoSecretType = types.submodule ({ name, ... }: {
-    options = {
-      source = mkOption {
-        type = types.path;
-      };
-      text = mkOption {
-        type = types.str;
-      };
-    };
-  });
-  cfg = config.kw.secrets;
-in
-{
-  options.kw = {
-    secrets = {
-      variables = mkOption {
-        type = types.attrsOf secretType;
-        default = { };
-      };
-      repo = mkOption {
-        type = types.attrsOf repoSecretType;
-        default = { };
-      };
-    };
-  };
-  config = {
-    kw.secrets.repo = nixos.kw.secrets.repo;
-  };
 }

modules/home/theme.nix

@@ -7,9 +7,9 @@
 
 with lib;
 
-let cfg = config.kw.theme; in
+let cfg = config.nixfiles.theme; in
 {
-  options.kw.theme = {
+  options.nixfiles.theme = {
     enable = mkEnableOption "kat's theme module";
     sass = {
       variables = mkOption {
@@ -55,7 +55,7 @@ let cfg = config.kw.theme; in
     };
   };
   config = mkIf (cfg.enable) {
-    kw.theme = {
+    nixfiles.theme = {
       base16 = lib.mapAttrs' (k: v: lib.nameValuePair k "#${v.hex}")
         (lib.filterAttrs (n: _: lib.hasInfix "base" n) config.base16.defaultScheme);
       base16t = lib.mapAttrs' (k: v: lib.nameValuePair "${k}t" "rgba(${toString v.red.byte}, ${toString v.green.byte}, ${toString v.blue.byte}, ${toString cfg.alpha})")
@@ -132,7 +132,7 @@ let cfg = config.kw.theme; in
       Install = { WantedBy = [ "sway-session.target" ]; };
     };
 
-    lib.kw.sassTemplate = { name, src }:
+    lib.nixfiles.sassTemplate = { name, src }:
       let
         variables = pkgs.writeText "base-variables.sass" ''
           ${(concatStringsSep "\n" (mapAttrsToList(var: con: "\$${var}: ${con}") cfg.sass.variables))}
@@ -153,6 +153,6 @@ let cfg = config.kw.theme; in
         inherit source;
         text = builtins.readFile source;
       };
-    _module.args = { inherit (config.lib) kw; };
+    _module.args = { inherit (config.lib) nixfiles; };
   };
 }

modules/meta/deploy.nix

@@ -78,7 +78,7 @@ in
                   tree.impure.modules.tf
                 ];
                 deploy.gcroot = {
-                  name = mkDefault "kw-${config.name}";
+                  name = mkDefault "nixfiles-${config.name}";
                   user = mkIf (builtins.getEnv "HOME_USER" != "") (mkDefault (builtins.getEnv "HOME_USER"));
                 };
                 providers.local = { };

modules/meta/imports.nix

@@ -42,24 +42,24 @@ with lib;
       homeImports = [];
       users = mkDefault (singleton "kat");
     };
-    lib.kw.nixosImport = hostName: lib.nodeImport {
+    lib.nixfiles.nixosImport = hostName: lib.nodeImport {
       inherit (config.network.importing) nixosImports homeImports users;
       profiles = meta.nixos;
       inherit hostName;
     };
-    lib.kw.esphomeImport = hostName: lib.nodeImport {
+    lib.nixfiles.esphomeImport = hostName: lib.nodeImport {
       nixosImports = config.network.importing.esphomeImports;
       homeImports = [];
       users = [];
       profiles = { base = { }; };
       inherit hostName;
     };
-    lib.kw.darwinImport = hostName: lib.nodeImport {
+    lib.nixfiles.darwinImport = hostName: lib.nodeImport {
       nixosImports = config.network.importing.darwinImports;
       profiles = meta.darwin;
       inherit (config.network.importing) homeImports users;
       inherit hostName;
     };
-    _module.args = { inherit (config.lib) kw; };
+    _module.args = { inherit (config.lib) nixfiles; };
   };
 }

modules/meta/network.nix

@@ -152,8 +152,8 @@ with lib;
       extraModules = [
           inputs.home-manager.darwinModules.home-manager
           meta.modules.darwin
-          meta.modules.system.genesis
           meta.modules.system
+          meta.modules.type
           meta.system
       ];
       specialArgs = {
@@ -164,9 +164,9 @@ with lib;
     nixos = {
       extraModules = [
           inputs.home-manager.nixosModules.home-manager
-          meta.modules.system.genesis
           meta.modules.nixos
           meta.modules.system
+          meta.modules.type
           meta.nixos.network
           meta.system
       ];

modules/meta/secrets.nix

@@ -1,8 +1,8 @@
 { config, pkgs, lib, ... }: with lib; {
-  options.kw.secrets.command = mkOption {
+  options.secrets.command = mkOption {
     type = types.str;
     default = let
-      bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.all.${builtins.getEnv "HOME_HOSTNAME"}.kw.secrets.repo.bitw.source} "$@"'';
+      bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.all.${builtins.getEnv "HOME_HOSTNAME"}.secrets.repo.bitw.source} "$@"'';
     in
     "${bitw}/bin/bitw get";
   };

modules/nixos/secrets.nix

@@ -1,21 +1,13 @@
-{ config, lib, meta, ... }:
+{ config, lib, meta, ... }: with lib; {
-
+  config = mkIf (config.secrets.variables != { }) {
-with lib;
-
-let
-  mcfg = meta.kw.secrets;
-  cfg = config.kw.secrets;
-in
-{
-  config = mkIf (cfg.variables != { }) {
       deploy.tf.variables = mapAttrs'
         (name: content:
           nameValuePair name ({
-            value.shellCommand = "${mcfg.command} ${content.path}" + optionalString (content.field != "") " -f ${content.field}";
+            value.shellCommand = "${meta.secrets.command} ${content.path}" + optionalString (content.field != "") " -f ${content.field}";
             type = "string";
             sensitive = true;
           })
         )
-        cfg.variables;
+        config.secrets.variables;
     };
 }

modules/system/secrets.nix

@@ -1,44 +1,3 @@
-{ config, lib, meta, ... }:
+{ config, lib, meta, ... }: with lib; {
-
+  secrets.variables = lib.mkMerge (mapAttrsToList (username: user: user.secrets.variables) config.home-manager.users);
-with lib;
-
-let
-  secretType = types.submodule ({ name, ... }: {
-    options = {
-      path = mkOption { type = types.str; };
-      field = mkOption {
-        type = types.str;
-        default = "";
-      };
-    };
-  });
-  repoSecretType = types.submodule ({ name, ... }: {
-    options = {
-      source = mkOption {
-        type = types.path;
-      };
-      text = mkOption {
-        type = types.str;
-      };
-    };
-  });
-  mcfg = meta.kw.secrets;
-  cfg = config.kw.secrets;
-in
-{
-  options.kw = {
-    secrets = {
-      variables = mkOption {
-        type = types.attrsOf secretType;
-        default = { };
-      };
-      repo = mkOption {
-        type = types.attrsOf repoSecretType;
-        default = { };
-      };
-    };
-  };
-  config = {
-      kw.secrets.variables = lib.mkMerge (mapAttrsToList (username: user: user.kw.secrets.variables) config.home-manager.users);
-  };
 }

modules/tf/katdns.nix

@@ -1,16 +1,17 @@
 { config, lib, ... }:  with lib; {
+
   variables.katdns-address = {
-    value.shellCommand = "${meta.kw.secrets.command} secrets/katdns -f address";
+    value.shellCommand = "${meta.secrets.command} secrets/katdns -f address";
     type = "string";
     sensitive = true;
   };
   variables.katdns-name = {
-    value.shellCommand = "${meta.kw.secrets.command} secrets/katdns -f username";
+    value.shellCommand = "${meta.secrets.command} secrets/katdns -f username";
     type = "string";
     sensitive = true;
   };
   variables.katdns-key = {
-    value.shellCommand = "${meta.kw.secrets.command} secrets/katdns -f password";
+    value.shellCommand = "${meta.secrets.command} secrets/katdns -f password";
     type = "string";
     sensitive = true;
   };

nixos/kat.nix

@@ -11,7 +11,7 @@
     ];
     shell = pkgs.zsh;
     extraGroups = [ "wheel" "video" "systemd-journal" "plugdev" "bird2" "vfio" "input" "uinput" ];
-    hashedPassword = mkIf (meta.trusted ? secrets) (removeSuffix "\n" config.kw.secrets.repo.kat-user.text);
+    hashedPassword = mkIf (meta.trusted ? secrets) (removeSuffix "\n" config.secrets.repo.kat-user.text);
   };
 
   systemd.tmpfiles.rules = [

nixos/network.nix

@@ -302,7 +302,7 @@
       variables = {
         tailscale-authkey.export = true;
         tailscale-apikey = {
-          value.shellCommand = "${meta.kw.secrets.command} secrets/tailscale -f api_key";
+          value.shellCommand = "${meta.secrets.command} secrets/tailscale -f api_key";
           sensitive = true;
           export = true;
         };

nixos/systems/daiyousei.nix

@@ -1,4 +1,4 @@
-{ config, inputs, tf, meta, kw, pkgs, lib, ... }: with lib; {
+{ config, inputs, tf, meta, nixfiles, pkgs, lib, ... }: with lib; {
   imports = with meta; [
     hardware.aarch64-linux
     hardware.oracle.ubuntu
@@ -23,7 +23,7 @@
     services.znc
   ];
 
-  kw.oci = {
+  nixfiles.oci = {
     specs = {
       shape = "VM.Standard.A1.Flex";
       cores = 4;

nixos/systems/rinnosuke.nix

@@ -1,4 +1,4 @@
-{ config, tf, meta, kw, pkgs, lib, ... }: with lib; {
+{ config, tf, meta, nixfiles, pkgs, lib, ... }: with lib; {
   imports = with meta; [
     hardware.oracle.ubuntu
     nixos.network
@@ -6,7 +6,7 @@
     services.knot
   ];
 
-  kw.oci = {
+  nixfiles.oci = {
     specs = {
       shape = "VM.Standard.E2.1.Micro";
       cores = 1;

nixos/systems/tewi/home-assistant.nix

@@ -17,7 +17,7 @@
     ];
   };
 
-  kw.secrets.variables.ha-integration = {
+  secrets.variables.ha-integration = {
     path = "secrets/home-assistant";
     field = "notes";
   };

nixos/systems/tewi/mosquitto.nix

@@ -6,22 +6,22 @@
     ];
   };
 
-  kw.secrets.variables.z2m-pass = {
+  secrets.variables.z2m-pass = {
     path = "secrets/mosquitto";
     field = "z2m";
   };
 
-  kw.secrets.variables.systemd-pass = {
+  secrets.variables.systemd-pass = {
     path = "secrets/mosquitto";
     field = "systemd";
   };
 
-  kw.secrets.variables.hass-pass = {
+  secrets.variables.hass-pass = {
     path = "secrets/mosquitto";
     field = "hass";
   };
 
-  kw.secrets.variables.espresence-pass = {
+  secrets.variables.espresence-pass = {
     path = "secrets/mosquitto";
     field = "espresence";
   };

nixos/systems/tewi/vouch.nix

@@ -62,12 +62,12 @@
     };
   };
   config = {
-    kw.secrets.variables.gensokyo-id = {
+    secrets.variables.gensokyo-id = {
       path = "secrets/id.gensokyo.zone";
       field = "client_secret";
     };
 
-    kw.secrets.variables.gensokyo-jwt = {
+    secrets.variables.gensokyo-jwt = {
       path = "secrets/id.gensokyo.zone";
       field = "jwt";
     };

nixos/systems/tewi/zigbee2mqtt.nix

@@ -6,12 +6,12 @@
     ];
   };
 
-  kw.secrets.variables.z2m-mqtt-password = {
+  secrets.variables.z2m-mqtt-password = {
     path = "secrets/mosquitto";
     field = "z2m";
   };
 
-  kw.secrets.variables.z2m-network-key = {
+  secrets.variables.z2m-network-key = {
     path = "secrets/zigbee2mqtt";
     field = "password";
   };

services/filehost.nix

@@ -16,7 +16,7 @@
         fi
   '';
 in {
-  kw.secrets.variables.xbackbone-ldap = {
+  secrets.variables.xbackbone-ldap = {
     path = "secrets/xbackbone";
     field = "password";
   };

services/gitea/default.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, tf, ... }:
 
 {
-  kw.secrets.variables = {
+  secrets.variables = {
     gitea-mail-pass = {
       path = "secrets/mail-kittywitch";
       field = "gitea-pass";

services/ha.nix

@@ -55,7 +55,7 @@
 
   systemd.services.home-assistant.reloadTriggers = lib.mkForce [ ];
 
-  kw.secrets.variables.z2m-network-key = {
+  secrets.variables.z2m-network-key = {
     path = "secrets/zigbee2mqtt";
     field = "password";
   };

services/hedgedoc.nix

@@ -1,7 +1,7 @@
 { config, lib, tf, ... }: with lib;
 
 {
-  kw.secrets.variables = (mapListToAttrs
+  secrets.variables = (mapListToAttrs
     (field:
       nameValuePair "hedgedoc-${field}" {
         path = "secrets/hedgedoc";

services/jira.nix

@@ -33,7 +33,7 @@
   };
 
 
-  kw.secrets.variables.jira-postgres = {
+  secrets.variables.jira-postgres = {
     path = "secrets/jira";
     field = "password";
   };

services/keycloak.nix

@@ -47,7 +47,7 @@ in {
     group = "keycloak";
   };
 
-  kw.secrets.variables.keycloak-postgres = {
+  secrets.variables.keycloak-postgres = {
     path = "services/keycloak";
     field = "postgres";
   };

services/knot/default.nix

@@ -1,7 +1,7 @@
 { config, lib, tf, pkgs, ... }:
 
 {
-  kw.secrets.variables = {
+  secrets.variables = {
     katdns-key-config = {
       path = "secrets/katdns";
       field = "notes";

services/mail/dns.nix

@@ -2,7 +2,7 @@
   domains = [ "dork" "kittywitch" ];
 in {
 
-  kw.secrets.variables = listToAttrs (map
+  secrets.variables = listToAttrs (map
     (domain:
       nameValuePair "mail-domainkey-${domain}" {
         path = "secrets/mail-${domain}";

services/mail/dovecot.nix

@@ -180,7 +180,7 @@ in
     params.dovecot2 = { };
   };
 
-  kw.secrets.variables."dovecot-ldap-password" = {
+  secrets.variables."dovecot-ldap-password" = {
     path = "services/dovecot";
     field = "password";
   };

services/mail/postfix.nix

@@ -19,7 +19,7 @@ let
         dork.dev   REJECT Get lost - you're lying about who you are
   '';
 in {
-  kw.secrets.variables."postfix-ldap-password" = {
+  secrets.variables."postfix-ldap-password" = {
     path = "services/dovecot";
     field = "password";
   };

services/mail/sogo.nix

@@ -1,5 +1,5 @@
 { config, tf, lib, ... }: with lib; {
-  kw.secrets.variables.sogo-ldap = {
+  secrets.variables.sogo-ldap = {
     path = "secrets/sogo";
     field = "password";
   };

services/murmur-ldap/default.nix

@@ -1,7 +1,7 @@
 { config, lib, tf, pkgs, ... }: with lib; let
   murmurLdapScript = ./LDAPauth.py;
 in {
-  kw.secrets.variables = {
+  secrets.variables = {
     murmur-ldap-pass = {
       path = "social/mumble";
       field = "ldap";

services/murmur.nix

@@ -12,7 +12,7 @@ in
     udp = singleton 64738;
   };
 
-  kw.secrets.variables = {
+  secrets.variables = {
     murmur-password = {
       path = "social/mumble";
       field = "password";

services/nextcloud.nix

@@ -1,7 +1,7 @@
-{ config, pkgs, lib, tf, kw, ... }: with lib; let
+{ config, pkgs, lib, tf, nixfiles, ... }: with lib; let
   cfg = config.services.nextcloud;
 in {
-  kw.secrets.variables =
+  secrets.variables =
     mapListToAttrs
       (field:
         nameValuePair "nextcloud-${field}" {

services/nfs.nix

@@ -1,4 +1,4 @@
-{ config, lib, kw, ... }:
+{ config, lib, nixfiles, ... }:
 
 with lib;
 

services/openldap/default.nix

@@ -163,7 +163,7 @@
   };
 
 
-  kw.secrets.variables = mapListToAttrs
+  secrets.variables = mapListToAttrs
     (field:
       nameValuePair "openldap-${field}" {
         path = "services/openldap";

services/plex.nix

@@ -1,4 +1,4 @@
-{ config, kw, pkgs, lib, ... }: {
+{ config, nixfiles, pkgs, lib, ... }: {
     networks.chitei.tcp = [ 32400 ];
     services = {
     plex = {

services/synapse.nix

@@ -13,7 +13,7 @@ with lib;
     LC_CTYPE = "C";
   '';
 
-  kw.secrets.variables = (mapListToAttrs
+  secrets.variables = (mapListToAttrs
     (field:
       nameValuePair "mautrix-telegram-${field}" {
         path = "secrets/mautrix-telegram";

services/syncplay.nix

@@ -4,7 +4,7 @@ with lib;
 
 {
 
-  kw.secrets.variables =
+  secrets.variables =
     let
       fieldAdapt = field: if field == "pass" then "password" else field;
     in

services/tt-rss.nix

@@ -1,5 +1,5 @@
 { config, pkgs, lib, tf, ... }: with lib; {
-  kw.secrets.variables = mapListToAttrs
+  secrets.variables = mapListToAttrs
     (field:
       nameValuePair "ttrss-${field}" {
         path = "secrets/ttrss";

services/tvheadend.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, kw, ... }:
+{ config, pkgs, lib, nixfiles, ... }:
 
 {
   hardware.firmware = [ pkgs.libreelec-dvb-firmware ];

services/vaultwarden.nix

@@ -1,7 +1,7 @@
 { config, pkgs, lib, tf, ... }: with lib;
 
 {
-  kw.secrets.variables = mapListToAttrs (field:
+  secrets.variables = mapListToAttrs (field:
     nameValuePair "vaultwarden-${field}" {
       path = "secrets/vaultwarden";
       inherit field;

services/vikunja.nix

@@ -40,7 +40,7 @@ let
   };
 in {
 
-  kw.secrets.variables = (mapListToAttrs
+  secrets.variables = (mapListToAttrs
     (field:
       nameValuePair "vikunja-${field}" {
         path = "secrets/vikunja";

services/znc.nix

@@ -51,7 +51,7 @@ in
   # ZNC
   networks.internet.tcp = singleton 5001;
 
-  kw.secrets.variables =
+  secrets.variables =
     let
       fieldAdapt = field: if field == "cert" then "notes" else if field == "pass" then "password" else field;
     in
@@ -190,7 +190,7 @@ in
           };
         };
       })
-      (mkIf (meta.trusted ? secrets) (import config.kw.secrets.repo.znc.source))
+      (mkIf (meta.trusted ? secrets) (import config.secrets.repo.znc.source))
     ];
     configFile = config.secrets.files.znc-config.path;
   };

system/home.nix

@@ -11,6 +11,7 @@ with lib;
     sharedModules = [
       inputs.nix-doom-emacs.hmModule
       meta.modules.home
+      meta.modules.type
     ];
     useUserPackages = true;
     useGlobalPkgs = true;

targets/home.nix

@@ -6,7 +6,7 @@
       imports = optional (builtins.pathExists ../services/irlmail.nix) ../services/irlmail.nix;
 
   variables.tailscale-apikey = {
-    value.shellCommand = "${meta.kw.secrets.command} secrets/tailscale -f api_key";
+    value.shellCommand = "${meta.secrets.command} secrets/tailscale -f api_key";
     sensitive = true;
     export = true;
   };

targets/oci-root.nix

@@ -43,43 +43,43 @@
         };
 
         resources = {
-          oci_kw_compartment = {
+          oci_nixfiles_compartment = {
             provider = "oci.oci-root";
             type = "identity_compartment";
             inputs = {
-              name = "kw";
+              name = "nixfiles";
-              description = "kw";
+              description = "nixfiles";
               compartment_id = var.oci_root_tenancy.ref;
               enable_delete = true;
             };
           };
-          oci_kw_user = {
+          oci_nixfiles_user = {
             provider = "oci.oci-root";
             type = "identity_user";
             inputs = {
-              name = "kw";
+              name = "nixfiles";
-              description = "kw";
+              description = "nixfiles";
               compartment_id = var.oci_root_tenancy.ref;
             };
           };
-          oci_kw_group = {
+          oci_nixfiles_group = {
             provider = "oci.oci-root";
             type = "identity_group";
             inputs = {
-              name = "kw";
+              name = "nixfiles";
-              description = "kw";
+              description = "nixfiles";
               compartment_id = var.oci_root_tenancy.ref;
             };
           };
-          oci_kw_usergroup = {
+          oci_nixfiles_usergroup = {
             provider = "oci.oci-root";
             type = "identity_user_group_membership";
             inputs = {
-              group_id = res.oci_kw_group.refAttr "id";
+              group_id = res.oci_nixfiles_group.refAttr "id";
-              user_id = res.oci_kw_user.refAttr "id";
+              user_id = res.oci_nixfiles_user.refAttr "id";
             };
           };
-          oci_kw_key = {
+          oci_nixfiles_key = {
             provider = "tls";
             type = "private_key";
             inputs = {
@@ -87,35 +87,35 @@
               rsa_bits = 2048;
             };
           };
-          oci_kw_key_file = {
+          oci_nixfiles_key_file = {
             provider = "local";
             type = "file";
             inputs = {
-              sensitive_content = res.oci_kw_key.refAttr "private_key_pem";
+              sensitive_content = res.oci_nixfiles_key.refAttr "private_key_pem";
-              filename = toString (config.terraform.dataDir + "/oci_kw_key");
+              filename = toString (config.terraform.dataDir + "/oci_nixfiles_key");
               file_permission = "0600";
             };
           };
-          oci_kw_apikey = {
+          oci_nixfiles_apikey = {
             provider = "oci.oci-root";
             type = "identity_api_key";
             inputs = {
-              key_value = res.oci_kw_key.refAttr "public_key_pem";
+              key_value = res.oci_nixfiles_key.refAttr "public_key_pem";
-              user_id = res.oci_kw_user.refAttr "id";
+              user_id = res.oci_nixfiles_user.refAttr "id";
             };
           };
-          oci_kw_policy = {
+          oci_nixfiles_policy = {
             provider = "oci.oci-root";
             type = "identity_policy";
             inputs = {
-              name = "kw-admin";
+              name = "nixfiles-admin";
-              description = "kw admin";
+              description = "nixfiles admin";
               compartment_id = var.oci_root_tenancy.ref;
               statements = [
-                "Allow group ${res.oci_kw_group.refAttr "name"} to manage all-resources in compartment id ${res.oci_kw_compartment.refAttr "id"}"
+                "Allow group ${res.oci_nixfiles_group.refAttr "name"} to manage all-resources in compartment id ${res.oci_nixfiles_compartment.refAttr "id"}"
-                "Allow group ${res.oci_kw_group.refAttr "name"} to read virtual-network-family in compartment id ${var.oci_root_tenancy.ref}"
+                "Allow group ${res.oci_nixfiles_group.refAttr "name"} to read virtual-network-family in compartment id ${var.oci_root_tenancy.ref}"
                 ''
-                  Allow group ${res.oci_kw_group.refAttr "name"} to manage vcns in compartment id ${var.oci_root_tenancy.ref} where ALL {
+                  Allow group ${res.oci_nixfiles_group.refAttr "name"} to manage vcns in compartment id ${var.oci_root_tenancy.ref} where ALL {
                   ANY { request.operation = 'CreateNetworkSecurityGroup', request.operation = 'DeleteNetworkSecurityGroup' }
                   }
                 ''
@@ -166,14 +166,14 @@
               vcn_id = res.oci_vcn.refAttr "id";
             };
           };
-          oci_kw_subnet = {
+          oci_nixfiles_subnet = {
             provider = "oci.oci-root";
             type = "core_subnet";
             inputs = {
-              display_name = "kw";
+              display_name = "nixfiles";
               cidr_block = terraformExpr "cidrsubnet(${res.oci_vcn.namedRef}.cidr_blocks[0], 8, 8)"; # /24
               ipv6cidr_block = terraformExpr "cidrsubnet(${res.oci_vcn.namedRef}.ipv6cidr_blocks[0], 8, 0)"; # from a /56 block to /64
-              compartment_id = res.oci_kw_compartment.refAttr "id";
+              compartment_id = res.oci_nixfiles_compartment.refAttr "id";
               vcn_id = res.oci_vcn.refAttr "id";
               route_table_id = res.oci_routes.refAttr "id";
             };

trusted/flake.lock

@@ -3,11 +3,11 @@
     "arcexprs": {
       "flake": false,
       "locked": {
-        "lastModified": 1664324035,
+        "lastModified": 1664737885,
-        "narHash": "sha256-X/aULANyF9pHR+OejllcIG1vSs4H0sis5212dt6i/Xo=",
+        "narHash": "sha256-ppcK2iEo949aGMVVXoqYs3H0K0jhPTDdUj+Dt1abIW0=",
         "owner": "arcnmx",
         "repo": "nixexprs",
-        "rev": "6b308153ddc58f1ed5e3223cb242ac4867ef5712",
+        "rev": "4e09592dade1388d900ab3524bc240ce75b14abb",
         "type": "github"
       },
       "original": {
@@ -20,11 +20,11 @@
     "ci": {
       "flake": false,
       "locked": {
-        "lastModified": 1658370007,
+        "lastModified": 1664566287,
-        "narHash": "sha256-gKxTtjSPwTNp1Lcqynw8HYDSq/wtF7EmF4NvS0dyeb8=",
+        "narHash": "sha256-DysbqsNrLAGI4VU9HlP3qXe1b0P3N9mGGttmr3xUCHU=",
         "owner": "arcnmx",
         "repo": "ci",
-        "rev": "5cec82ebd5614fdeaaf442c4390451e2f483fdc4",
+        "rev": "3f5f6df67088485d422b97d3a41fe259e2bdc53e",
         "type": "github"
       },
       "original": {
@@ -92,11 +92,11 @@
     "emacs-overlay": {
       "flake": false,
       "locked": {
-        "lastModified": 1662654452,
+        "lastModified": 1664478431,
-        "narHash": "sha256-mrr161UOnVNx2pzR9ePmhVlxapzQ57ZDSLb9BRgW0bo=",
+        "narHash": "sha256-XTPklm/+e2UfIitB0+s/fKTheMJSw3G1p+t0SsBCuo4=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "70e241d5b189982dabc1fe55829475c5c483c89d",
+        "rev": "6c78924bc5b6daaf98c0dbe63bdfcf80e6433f4b",
         "type": "github"
       },
       "original": {
@@ -348,11 +348,11 @@
         "ws-butler": "ws-butler"
       },
       "locked": {
-        "lastModified": 1662839665,
+        "lastModified": 1664622347,
-        "narHash": "sha256-TGSRXMmRTn4eza3q0XvqpuPoeCnkktPeD0TaM/V1pZ0=",
+        "narHash": "sha256-pJTnEG68PhrXjpkfz/784BlcxaHgV06b1cUVGRxhMdw=",
         "owner": "nix-community",
         "repo": "nix-doom-emacs",
-        "rev": "acbf1b70335d4fd6a6c05bc417d7f3ca44739437",
+        "rev": "b65e204ce9d20b376acc38ec205d08007eccdaef",
         "type": "github"
       },
       "original": {
@@ -395,11 +395,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1664474132,
+        "lastModified": 1664742955,
-        "narHash": "sha256-leeynikJOn2sxA03UvIzKiyctFeSLCGuh5tf0Uh6/1M=",
+        "narHash": "sha256-jiD8gHTERZLzIFwnaXzXDDSjR44Fs1JhRujcNq3jNnA=",
         "owner": "kittywitch",
         "repo": "nixfiles",
-        "rev": "a0f9d0ab488632eb163885f0e817d83ca5d663ab",
+        "rev": "9794026f6c22b49518c285b4452ea4c8dd9ae7bf",
         "type": "github"
       },
       "original": {
@@ -410,11 +410,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1664281702,
+        "lastModified": 1664538465,
-        "narHash": "sha256-haixZ4TJLu1Dciow54wrHrHvlGDVr5sW6MTeAV/ZLuI=",
+        "narHash": "sha256-EnlC7dDKX7X1wlnXkB1gmn9rBZQ0J9+biVTZHw//8us=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "7e52b35fe98481a279d89f9c145f8076d049d2b9",
+        "rev": "10ecda252ce1b3b1d6403caeadbcc8f30d5ab796",
         "type": "github"
       },
       "original": {
@@ -442,11 +442,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1664382743,
+        "lastModified": 1664718272,
-        "narHash": "sha256-rtDxdzj5IBvO114QP9gyfjVt9N7tZWd0e2/RQxrDtw4=",
+        "narHash": "sha256-BNnUks1BKzBr8HzoKBFQ8a7/avQhDkKCu0DSgW1ulcY=",
         "owner": "nix-community",
         "repo": "nur",
-        "rev": "8ca43145e3b31861d807c8df3ce53f559c3b5762",
+        "rev": "392b26288ad1cdebd03eac17adb70491f9f392d3",
         "type": "github"
       },
       "original": {
@@ -475,11 +475,11 @@
     "org": {
       "flake": false,
       "locked": {
-        "lastModified": 1662614940,
+        "lastModified": 1664493874,
-        "narHash": "sha256-9eAqhKXpTfZQH3bn19ien3HIzF100h8z97iHqs/QUgY=",
+        "narHash": "sha256-8zLosjfQX0aR5HprtCeiSqN1pfB+GEUF9AULk6WRcR4=",
         "owner": "emacs-straight",
         "repo": "org-mode",
-        "rev": "eb5ef0ae1424a725f933ef3929e5396a2ab727ab",
+        "rev": "fe1f4f2ccf040deff9c57288d987f17cc2da321f",
         "type": "github"
       },
       "original": {
@@ -491,11 +491,11 @@
     "org-contrib": {
       "flake": false,
       "locked": {
-        "lastModified": 1661026052,
+        "lastModified": 1664301003,
-        "narHash": "sha256-rE7aioQxeVjo+TVI4DIppKkmf/c7tRNzK6hQJAmUnVE=",
+        "narHash": "sha256-8CAq/EB52RMQHNLZM0uc/1N5gKTfxGhf7WFt9sMKoD8=",
         "owner": "emacsmirror",
         "repo": "org-contrib",
-        "rev": "0740bd3fe69c4b327420185d931dcf0a9900a80e",
+        "rev": "aa104c0bbc3113f6d3d167b20bd8d6bf6a285f0f",
         "type": "github"
       },
       "original": {
@@ -539,11 +539,11 @@
     "revealjs": {
       "flake": false,
       "locked": {
-        "lastModified": 1662369032,
+        "lastModified": 1664012352,
-        "narHash": "sha256-1BZWA3W77YbNZUj+7vJbkTeWY8O4jjPg7t5PvlEVDYA=",
+        "narHash": "sha256-Pu5p6HqIO2wvWiTEhsQyIuwlWEIa1GjO3EDXosznyYE=",
         "owner": "hakimel",
         "repo": "reveal.js",
-        "rev": "8a97ad58b04045fe5a9c964aa31659bd27e665c5",
+        "rev": "468132320d6e072abd1297d7cc24766a2b7a832d",
         "type": "github"
       },
       "original": {
@@ -610,11 +610,11 @@
     "trusted": {
       "flake": false,
       "locked": {
-        "lastModified": 1657482041,
+        "lastModified": 1664745519,
-        "narHash": "sha256-AEC0DO586Xq5NcYwyEBAosFj5VRSwLSPZCH5v5ri11s=",
+        "narHash": "sha256-tUNmmEjJ6KOOPkHCkJytv4KemXf4idM8erPQgOr7SWc=",
         "ref": "main",
-        "rev": "76779729b344d8427f05d9e78c76a19daa7cc2a8",
+        "rev": "f89074f4500dddb1962d49f3f542ce41d7beee87",
-        "revCount": 92,
+        "revCount": 93,
         "type": "git",
         "url": "ssh://git@github.com/kittywitch/nixfiles-trusted"
       },
@@ -627,11 +627,11 @@
     "ts-fold": {
       "flake": false,
       "locked": {
-        "lastModified": 1662386895,
+        "lastModified": 1663136308,
-        "narHash": "sha256-pYW2hcHgkr9KYdRvX2EkpOt/OL8yl+mkZ21JbMKWc8Q=",
+        "narHash": "sha256-FI25RLoHqhcjA2qel75LVmQH4rTkKiAUR2w9QODT1XM=",
         "owner": "jcs-elpa",
         "repo": "ts-fold",
-        "rev": "017402713bd2f1fd7a691aa48afb4330f5397432",
+        "rev": "c3da5520b988720f7f6e9e5e11b60746598112e0",
         "type": "github"
       },
       "original": {