feat: use separate repo for secrets.

modules/linux/home-manager/secrets.nix

@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  inputs,
   ...
 }: {
   options = {
@@ -10,16 +11,16 @@
     age = {
       secrets = {
         restic-local-pass = {
-          file = ../../../secrets/restic-local-pass.age;
+          file = "${inputs.secrets}/secrets/restic-local-pass.age";
         };
         restic-backblaze-pass = {
-          file = ../../../secrets/restic-backblaze-pass.age;
+          file = "${inputs.secrets}/secrets/restic-backblaze-pass.age";
         };
         restic-backblaze-repo = {
-          file = ../../../secrets/restic-backblaze-repo.age;
+          file = "${inputs.secrets}/secrets/restic-backblaze-repo.age";
         };
         restic-backblaze-env = {
-          file = ../../../secrets/restic-backblaze-env.age;
+          file = "${inputs.secrets}/secrets/restic-backblaze-env.age";
         };
       };
       identityPaths = ["/home/crony/.ssh/main" "/root/.ssh/id_ed25519"];

modules/linux/nixos/secrets.nix

@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  inputs,
   ...
 }: let
   default_keys = map (e: e.path) (
@@ -14,16 +15,16 @@ in {
     age = {
       secrets = {
         wg-desktop = {
-          file = ../../../secrets/wg-desktop.age;
+          file = "${inputs.secrets}/secrets/wg-desktop.age";
         };
         wg-ymir-home = {
-          file = ../../../secrets/wg-ymir-home.age;
+          file = "${inputs.secrets}/secrets/wg-ymir-home.age";
         };
         crony-passwd = {
-          file = ../../../secrets/crony-passwd-desktop.age;
+          file = "${inputs.secrets}/secrets/crony-passwd-desktop.age";
         };
         root-passwd = {
-          file = ../../../secrets/root-passwd.age;
+          file = "${inputs.secrets}/secrets/root-passwd.age";
         };
       };
       identityPaths = ["/home/crony/.ssh/main" "/root/.ssh/id_ed25519"] ++ default_keys;