sops: move secrets to specific services

modules/services/foundryvtt.nix

@@ -1,4 +1,6 @@
-{config, ...}: {
+{...}: {
+  sops.secrets.foundry-username = {};
+  sops.secrets.foundry-password = {};
   virtualisation.oci-containers.containers.foundryvtt = {
     image = "felddy/foundryvtt:release";
     volumes = [

modules/services/traefik.nix

@@ -1,6 +1,6 @@
 {config, ...}: {
+  sops.secrets.cloudflare-api-key = {};
   networking.firewall.allowedTCPPorts = [80 443 8080];
-
   systemd.user.services.traefik.after = ["docker.service"];
   systemd.services.traefik = {
     environment = {

modules/sops.nix

@@ -1,9 +1,6 @@
-{config, ...}: {
+{...}: {
   sops = {
     defaultSopsFile = ../secrets/secrets.yaml;
     age.keyFile = "/home/notoh/.config/sops/age/keys.txt";
-    secrets.foundry-username = {};
-    secrets.foundry-password = {};
-    secrets.cloudflare-api-key = {};
   };
 }