feat: add private secrets flake for flake purity

SwarselSystems.org

@@ -515,6 +515,12 @@ A short overview over each input and what it does:
     inputs.nixpkgs.follows = "nixpkgs";
   };
 
+  nix-secrets = {
+    url = "git+ssh://git@github.com/Swarsel/nix-secrets.git?ref=main&shallow=1";
+    flake = false;
+    inputs = { };
+  };
+
 #+end_src
 *** let
 :PROPERTIES:
@@ -4627,7 +4633,10 @@ Also, the system state version is set here. No need to touch it.
 **** navidrome
 
 #+begin_src nix :tangle profiles/server/common/nixos/navidrome.nix
-  { pkgs, lib, config, ... }:
+  { pkgs, lib, inputs, config, ... }:
+  let
+    secretsDirectory = builtins.toString inputs.nix-secrets;
+  in
   {
     config = lib.mkIf config.swarselsystems.server.navidrome {
       environment.systemPackages = with pkgs; [
@@ -4684,10 +4693,10 @@ Also, the system state version is set here. No need to touch it.
           };
           # Switch using --impure as these credential files are not stored within the flake
           # sops-nix is not supported for these which is why we need to resort to these
-          LastFM.ApiKey = builtins.readFile /home/swarsel/api/lastfm-secret;
+          LastFM.ApiKey = builtins.readFile "${secretsDirectory}/navidrome/lastfm-secret";
-          LastFM.Secret = builtins.readFile /home/swarsel/api/lastfm-key;
+          LastFM.Secret = builtins.readFile "${secretsDirectory}/navidrome/lastfm-key";
-          Spotify.ID = builtins.readFile /home/swarsel/api/spotify-id;
+          Spotify.ID = builtins.readFile "${secretsDirectory}/navidrome/spotify-id";
-          Spotify.Secret = builtins.readFile /home/swarsel/api/spotify-secret;
+          Spotify.Secret = builtins.readFile "${secretsDirectory}/navidrome/spotify-secret";
           UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
           UIWelcomeMessage = "~SwarselSound~";
         };

flake.nix

@@ -109,6 +109,12 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    nix-secrets = {
+      url = "git+ssh://git@github.com/Swarsel/nix-secrets.git?ref=main&shallow=1";
+      flake = false;
+      inputs = { };
+    };
+
   };
 
   outputs =

profiles/server/common/nixos/navidrome.nix

@@ -1,4 +1,7 @@
-{ pkgs, lib, config, ... }:
+{ pkgs, lib, inputs, config, ... }:
+let
+  secretsDirectory = builtins.toString inputs.nix-secrets;
+in
 {
   config = lib.mkIf config.swarselsystems.server.navidrome {
     environment.systemPackages = with pkgs; [
@@ -55,10 +58,10 @@
         };
         # Switch using --impure as these credential files are not stored within the flake
         # sops-nix is not supported for these which is why we need to resort to these
-        LastFM.ApiKey = builtins.readFile /home/swarsel/api/lastfm-secret;
+        LastFM.ApiKey = builtins.readFile "${secretsDirectory}/navidrome/lastfm-secret";
-        LastFM.Secret = builtins.readFile /home/swarsel/api/lastfm-key;
+        LastFM.Secret = builtins.readFile "${secretsDirectory}/navidrome/lastfm-key";
-        Spotify.ID = builtins.readFile /home/swarsel/api/spotify-id;
+        Spotify.ID = builtins.readFile "${secretsDirectory}/navidrome/spotify-id";
-        Spotify.Secret = builtins.readFile /home/swarsel/api/spotify-secret;
+        Spotify.Secret = builtins.readFile "${secretsDirectory}/navidrome/spotify-secret";
         UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
         UIWelcomeMessage = "~SwarselSound~";
       };