feat: switch proxt host

modules/nixos/client/network.nix

@@ -1,7 +1,7 @@
 { self, lib, pkgs, config, globals, ... }:
 let
   certsSopsFile = self + /secrets/repo/certs.yaml;
-  clientSopsFile = "${config.node.secretsDir}/secrets.yaml";
+  clientSopsFile = config.node.secretsDir + "/secrets.yaml";
 
   inherit (config.repo.secrets.common.network) wlan1 mobile1 vpn1-location vpn1-cipher vpn1-address eduroam-anon;
 

modules/nixos/client/polkit.nix

@@ -4,6 +4,9 @@
   config = lib.mkIf config.swarselmodules.security {
 
     security = {
+      # pki.certificateFiles = [
+      #   config.sops.secrets.harica-root-ca.path
+      # ];
       pam.services = lib.mkIf (!minimal) {
         login.u2fAuth = true;
         sudo.u2fAuth = true;

modules/nixos/client/sops.nix

@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ self, config, lib, ... }:
 {
   options.swarselmodules.sops = lib.mkEnableOption "sops config";
   config = lib.mkIf config.swarselmodules.sops {
@@ -6,7 +6,8 @@
 
       # age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${config.swarselsystems.homeDir}/.ssh/sops" "/etc/ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
       age.sshKeyPaths = [ "${if config.swarselsystems.isImpermanence then "/persist" else ""}/etc/ssh/ssh_host_ed25519_key" ];
-      defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/repo/common.yaml";
+      # defaultSopsFile = "${if config.swarselsystems.isImpermanence then "/persist" else ""}${config.swarselsystems.flakePath}/secrets/repo/common.yaml";
+      defaultSopsFile = self + "/secrets/repo/common.yaml";
 
       validateSopsFiles = false;