Add sas input

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
Reorganize secrets
2025-08-15 10:47:35 +03:00 · 2025-08-15 09:58:03 +03:00
56 changed files with 132 additions and 420 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,27 +0,0 @@
-stages:
-  - build
-  - test
-
-variables:
-  GIT_SUBMODULE_STRATEGY: recursive
-
-cache: &global_cache
-  key:
-    files:
-      - flake.lock
-      - flake.nix
-  paths:
-    - /nix/store
-  policy: pull-push
-
-build:
-  image: nixos/nix
-  stage: build
-  timeout: 48h
-  cache:
-    <<: *global_cache
-  script:
-    - nix --experimental-features 'nix-command flakes' flake check --show-trace
-
-include:
-  - template: Jobs/Secret-Detection.gitlab-ci.yml
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "secrets"]
-	path = secrets
-	url = https://git.karaolidis.com/karaolidis/nix-secrets.git
+	path = submodules/secrets
+	url = git@karaolidis.com:karaolidis/nix-secrets.git
+[submodule "sas"]
+	path = submodules/sas
+	url = git@karaolidis.com:karaolidis/nix-sas.git
--- a/README.md
+++ b/README.md
@@ -7,7 +7,6 @@ NixOS dotfiles and configuration for various hosts and users.
 - [`flake.lock`](./flake.lock) and [`flake.nix`](./flake.nix): Core Nix flake files defining the repository's dependencies and entry points.

 - [`hosts/`](./hosts): All host-specific configurations.
-
  - [`common/`](./hosts/common): Shared configuration definitions.
    - [`shells/`](./hosts/common/shells): Nix dev shells.
    - [`configs/`](./hosts/common/configs): System configurations applicable to all hosts.
@@ -20,7 +19,6 @@ NixOS dotfiles and configuration for various hosts and users.
 - [`packages/`](./packages/): Custom packages.

 - [`lib/`](./lib): Nix library function definitions and utilities.
-
  - [`scripts/`](./lib/scripts): Utility scripts for managing the repository.
    - [`add-host.sh`](./lib/scripts/add-host.sh): Instantiate the keys for a new host configuration.
    - [`remove-host.sh`](./lib/scripts/remove-host.sh): Remove references to a host.
--- a/flake.lock
+++ b/flake.lock
@@ -357,6 +357,7 @@
        "nur": "nur",
        "nvidia-patch": "nvidia-patch",
        "quadlet-nix": "quadlet-nix",
+        "sas": "sas",
        "secrets": "secrets",
        "sops-nix": "sops-nix",
        "spicetify-nix": "spicetify-nix",
@@ -385,14 +386,30 @@
        "type": "github"
      }
    },
+    "sas": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1755243359,
+        "narHash": "sha256-R8Tt700YWn/AEIfqG3n4mklFqmtYGsqKnj+kV+Sq6u8=",
+        "ref": "refs/heads/main",
+        "rev": "7bf093db0a30e4b0d8867c1b21e461f0bf08d866",
+        "revCount": 4,
+        "type": "git",
+        "url": "ssh://git@karaolidis.com/karaolidis/nix-sas.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "ssh://git@karaolidis.com/karaolidis/nix-sas.git"
+      }
+    },
    "secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1754897748,
-        "narHash": "sha256-835Ez+LG0vYZhSuVUreVwoL6qBk7EVtCGuPcluimlBE=",
+        "lastModified": 1755243351,
+        "narHash": "sha256-Oa7ASrkHUcNHMf/rXnVokLytKEqiM4X2C7R8gBSy/AM=",
        "ref": "refs/heads/main",
-        "rev": "148402e92b624b350a600cba8324a54ab014941d",
-        "revCount": 30,
+        "rev": "13b3145cbabcf1d042abdab931cec9042bccc771",
+        "revCount": 32,
        "type": "git",
        "url": "ssh://git@karaolidis.com/karaolidis/nix-secrets.git"
      },
--- a/flake.nix
+++ b/flake.nix
@@ -30,6 +30,11 @@
      flake = false;
    };

+    sas = {
+      url = "git+ssh://git@karaolidis.com/karaolidis/nix-sas.git";
+      flake = false;
+    };
+
    nur = {
      url = "github:nix-community/NUR";
      inputs = {
--- a/hosts/common/configs/system/nix-install/install.sh
+++ b/hosts/common/configs/system/nix-install/install.sh
@@ -95,13 +95,13 @@ copy_secure_boot_keys() {
  SOPS_AGE_KEY_FILE="$flake/secrets/$key/key.txt"
  export SOPS_AGE_KEY_FILE

-  sops --decrypt --extract "['guid']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/GUID"
-  sops --decrypt --extract "['keys']['kek']['key']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.key"
-  sops --decrypt --extract "['keys']['kek']['pem']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.pem"
-  sops --decrypt --extract "['keys']['pk']['key']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.key"
-  sops --decrypt --extract "['keys']['pk']['pem']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.pem"
-  sops --decrypt --extract "['keys']['db']['key']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.key"
-  sops --decrypt --extract "['keys']['db']['pem']" "$flake/secrets/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.pem"
+  sops --decrypt --extract "['guid']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/GUID"
+  sops --decrypt --extract "['keys']['kek']['key']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.key"
+  sops --decrypt --extract "['keys']['kek']['pem']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/KEK/KEK.pem"
+  sops --decrypt --extract "['keys']['pk']['key']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.key"
+  sops --decrypt --extract "['keys']['pk']['pem']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/PK/PK.pem"
+  sops --decrypt --extract "['keys']['db']['key']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.key"
+  sops --decrypt --extract "['keys']['db']['pem']" "$flake/secrets/domains/lanzaboote/secrets.yaml" > "$root/persist/state/var/lib/sbctl/keys/db/db.pem"

  chmod 400 "$root/persist/state/var/lib/sbctl/keys"/*/*

--- a/hosts/common/configs/system/nix/default.nix
+++ b/hosts/common/configs/system/nix/default.nix
@@ -2,8 +2,10 @@
 {
  sops = {
    secrets = {
-      "git/credentials/github.com/public/username".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
-      "git/credentials/github.com/public/password".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+      "git/credentials/github.com/public/username".sopsFile =
+        "${inputs.secrets}/domains/personal/secrets.yaml";
+      "git/credentials/github.com/public/password".sopsFile =
+        "${inputs.secrets}/domains/personal/secrets.yaml";
    };

    templates.nix-access-tokens = {
--- a/hosts/common/configs/user/console/nix-develop/template.nix
+++ b/hosts/common/configs/user/console/nix-develop/template.nix
@@ -2,8 +2,6 @@
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

-    flake-utils.url = "github:numtide/flake-utils";
-
    treefmt-nix = {
      url = "github:numtide/treefmt-nix";
      inputs.nixpkgs.follows = "nixpkgs";
--- a/hosts/common/configs/user/gui/darktable/default.nix
+++ b/hosts/common/configs/user/gui/darktable/default.nix
@@ -82,6 +82,6 @@ in
    };

    sops.secrets."jupiter/photos.karaolidis.com/admin".sopsFile =
-      "${inputs.secrets}/personal/secrets.yaml";
+      "${inputs.secrets}/domains/personal/secrets.yaml";
  };
 }
--- a/hosts/common/configs/user/gui/obsidian/default.nix
+++ b/hosts/common/configs/user/gui/obsidian/default.nix
@@ -608,6 +608,7 @@ in
      }
    ) hmConfig.programs.obsidian.vaults;

-    sops.secrets."google/cloud/obsidian/geocoding".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+    sops.secrets."google/cloud/obsidian/geocoding".sopsFile =
+      "${inputs.secrets}/domains/personal/secrets.yaml";
  };
 }
--- a/hosts/common/configs/user/gui/spicetify/default.nix
+++ b/hosts/common/configs/user/gui/spicetify/default.nix
@@ -64,7 +64,7 @@ in
        ];
      };

-    sops.secrets."spotify/username".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+    sops.secrets."spotify/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";

    xdg.configFile = {
      "spotify/prefs.init" = {
--- a/hosts/elara/configs/ssh/default.nix
+++ b/hosts/elara/configs/ssh/default.nix
@@ -11,13 +11,13 @@ in
 {
  sops.secrets = {
    "ssh/personal/key" = {
-      sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+      sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
      key = "ssh/key";
      path = "/root/.ssh/ssh_personal_ed25519_key";
    };

    "ssh/sas/ed25519/key" = {
-      sopsFile = "${inputs.secrets}/sas/secrets.yaml";
+      sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
      key = "ssh/ed25519/key";
      path = "/root/.ssh/ssh_sas_ed25519_key";
    };
--- a/hosts/elara/users/nikara/configs/console/artifactory/default.nix
+++ b/hosts/elara/users/nikara/configs/console/artifactory/default.nix
@@ -0,0 +1,8 @@
+{ user, home }:
+{ inputs, ... }:
+{
+  home-manager.users.${user}.sops.secrets = {
+    "artifactory/cdp/user".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
+    "artifactory/cdp/password".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
+  };
+}
--- a/hosts/elara/users/nikara/configs/console/gpg/default.nix
+++ b/hosts/elara/users/nikara/configs/console/gpg/default.nix
@@ -7,22 +7,22 @@ in
  home-manager.users.${user} = {
    sops.secrets = {
      "gpg/personal/key" = {
-        sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+        sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
        key = "gpg/key";
      };

      "gpg/personal/pass" = {
-        sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+        sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
        key = "gpg/pass";
      };

      "gpg/sas/key" = {
-        sopsFile = "${inputs.secrets}/sas/secrets.yaml";
+        sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
        key = "gpg/key";
      };

      "gpg/sas/pass" = {
-        sopsFile = "${inputs.secrets}/sas/secrets.yaml";
+        sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
        key = "gpg/pass";
      };
    };
--- a/hosts/elara/users/nikara/configs/console/podman/default.nix
+++ b/hosts/elara/users/nikara/configs/console/podman/default.nix
@@ -13,17 +13,17 @@ in
  home-manager.users.${user}.sops = {
    secrets = {
      "registry/personal/git.karaolidis.com" = {
-        sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+        sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
        key = "registry/git.karaolidis.com";
      };

      "registry/personal/docker.io" = {
-        sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+        sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
        key = "registry/docker.io";
      };

      "registry/sas/cr.sas.com" = {
-        sopsFile = "${inputs.secrets}/sas/secrets.yaml";
+        sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
        key = "registry/cr.sas.com";
      };
    };
--- a/hosts/elara/users/nikara/configs/console/sagew/default.nix
+++ b/hosts/elara/users/nikara/configs/console/sagew/default.nix
@@ -0,0 +1,8 @@
+{ user, home }:
+{ inputs, system, ... }:
+let
+  selfPkgs = inputs.self.packages.${system};
+in
+{
+  home-manager.users.${user}.home.packages = [ selfPkgs.sagew ];
+}
--- a/hosts/elara/users/nikara/configs/console/sas/default.nix
+++ b/hosts/elara/users/nikara/configs/console/sas/default.nix
@@ -1,8 +0,0 @@
-{ user, home }:
-{ inputs, ... }:
-{
-  home-manager.users.${user}.sops.secrets = {
-    "artifactory/cdp/user".sopsFile = "${inputs.secrets}/sas/secrets.yaml";
-    "artifactory/cdp/password".sopsFile = "${inputs.secrets}/sas/secrets.yaml";
-  };
-}
--- a/hosts/elara/users/nikara/configs/console/ssh/default.nix
+++ b/hosts/elara/users/nikara/configs/console/ssh/default.nix
@@ -15,55 +15,55 @@ in
    sops = {
      secrets = {
        "ssh/personal/key" = {
-          sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+          sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
          key = "ssh/key";
          path = "${home}/.ssh/ssh_personal_ed25519_key";
        };

        "ssh/personal/pass" = {
-          sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+          sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
          key = "ssh/pass";
        };

        "ssh/sas/ed25519/key" = {
-          sopsFile = "${inputs.secrets}/sas/secrets.yaml";
+          sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
          key = "ssh/ed25519/key";
          path = "${home}/.ssh/ssh_sas_ed25519_key";
        };

        "ssh/sas/ed25519/pass" = {
-          sopsFile = "${inputs.secrets}/sas/secrets.yaml";
+          sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
          key = "ssh/ed25519/pass";
        };

        "ssh/sas/rsa/key" = {
-          sopsFile = "${inputs.secrets}/sas/secrets.yaml";
+          sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
          key = "ssh/rsa/key";
          path = "${home}/.ssh/ssh_sas_rsa_key";
        };

        "ssh/sas/rsa/pass" = {
-          sopsFile = "${inputs.secrets}/sas/secrets.yaml";
+          sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
          key = "ssh/rsa/pass";
        };

        "git/credentials/personal/git.karaolidis.com/admin/username" = {
-          sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+          sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
          key = "git/credentials/git.karaolidis.com/admin/username";
        };

        "git/credentials/personal/git.karaolidis.com/admin/password" = {
-          sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+          sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
          key = "git/credentials/git.karaolidis.com/admin/password";
        };

        "git/credentials/sas/github.com/admin/username" = {
-          sopsFile = "${inputs.secrets}/sas/secrets.yaml";
+          sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
          key = "git/credentials/github.com/admin/username";
        };

        "git/credentials/sas/github.com/admin/password" = {
-          sopsFile = "${inputs.secrets}/sas/secrets.yaml";
+          sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
          key = "git/credentials/github.com/admin/password";
        };
      };
--- a/hosts/elara/users/nikara/configs/console/viya4-orders-cli/default.nix
+++ b/hosts/elara/users/nikara/configs/console/viya4-orders-cli/default.nix
@@ -13,8 +13,8 @@ in
 {
  home-manager.users.${user} = {
    sops.secrets = {
-      "viya/orders-api/key".sopsFile = "${inputs.secrets}/sas/secrets.yaml";
-      "viya/orders-api/secret".sopsFile = "${inputs.secrets}/sas/secrets.yaml";
+      "viya/orders-api/key".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
+      "viya/orders-api/secret".sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
    };

    home.packages = [ selfPkgs.viya4-orders-cli ];
--- a/hosts/elara/users/nikara/default.nix
+++ b/hosts/elara/users/nikara/default.nix
@@ -85,6 +85,7 @@ in
    (import ../../../common/configs/user/gui/x11 { inherit user home; })
    (import ../../../common/configs/user/gui/xdg { inherit user home; })

+    (import ./configs/console/artifactory { inherit user home; })
    (import ./configs/console/c { inherit user home; })
    (import ./configs/console/go { inherit user home; })
    (import ./configs/console/gpg { inherit user home; })
@@ -92,7 +93,7 @@ in
    (import ./configs/console/java { inherit user home; })
    (import ./configs/console/kubernetes { inherit user home; })
    (import ./configs/console/podman { inherit user home; })
-    (import ./configs/console/sas { inherit user home; })
+    (import ./configs/console/sagew { inherit user home; })
    (import ./configs/console/ssh { inherit user home; })
    (import ./configs/console/viya4-orders-cli { inherit user home; })

@@ -102,7 +103,7 @@ in

  # mkpasswd -s
  sops.secrets."${user}-password" = {
-    sopsFile = "${inputs.secrets}/sas/secrets.yaml";
+    sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
    key = "password";
    neededForUsers = true;
  };
--- a/hosts/himalia/configs/ssh/default.nix
+++ b/hosts/himalia/configs/ssh/default.nix
@@ -1,7 +1,7 @@
 { inputs, ... }:
 {
  sops.secrets."ssh/key" = {
-    sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+    sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
    path = "/root/.ssh/ssh_personal_ed25519_key";
  };

--- a/hosts/himalia/users/nick/configs/console/gpg/default.nix
+++ b/hosts/himalia/users/nick/configs/console/gpg/default.nix
@@ -6,8 +6,8 @@ in
 {
  home-manager.users.${user} = {
    sops.secrets = {
-      "gpg/key".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
-      "gpg/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+      "gpg/key".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
+      "gpg/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
    };

    programs.clipbook.bookmarks."GPG Passphrase".source = hmConfig.sops.secrets."gpg/pass".path;
--- a/hosts/himalia/users/nick/configs/console/podman/default.nix
+++ b/hosts/himalia/users/nick/configs/console/podman/default.nix
@@ -11,8 +11,8 @@ in
 {
  home-manager.users.${user}.sops = {
    secrets = {
-      "registry/git.karaolidis.com".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
-      "registry/docker.io".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+      "registry/git.karaolidis.com".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
+      "registry/docker.io".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
    };

    templates."containers-auth.json" = {
--- a/hosts/himalia/users/nick/configs/console/ssh/default.nix
+++ b/hosts/himalia/users/nick/configs/console/ssh/default.nix
@@ -14,17 +14,17 @@ in
    sops = {
      secrets = {
        "ssh/key" = {
-          sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+          sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
          path = "${home}/.ssh/ssh_personal_ed25519_key";
        };

-        "ssh/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+        "ssh/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";

        "git/credentials/git.karaolidis.com/admin/username".sopsFile =
-          "${inputs.secrets}/personal/secrets.yaml";
+          "${inputs.secrets}/domains/personal/secrets.yaml";

        "git/credentials/git.karaolidis.com/admin/password".sopsFile =
-          "${inputs.secrets}/personal/secrets.yaml";
+          "${inputs.secrets}/domains/personal/secrets.yaml";
      };

      templates."git/credentials" = {
--- a/hosts/himalia/users/nick/default.nix
+++ b/hosts/himalia/users/nick/default.nix
@@ -105,7 +105,7 @@ in

  # mkpasswd -s
  sops.secrets."${user}-password" = {
-    sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+    sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
    key = "password";
    neededForUsers = true;
  };
--- a/hosts/installer/configs/ssh/default.nix
+++ b/hosts/installer/configs/ssh/default.nix
@@ -1,7 +1,7 @@
 { inputs, ... }:
 {
  sops.secrets."ssh/key" = {
-    sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+    sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
    path = "/root/.ssh/ssh_personal_ed25519_key";
  };

--- a/hosts/installer/users/nick/configs/console/gpg/default.nix
+++ b/hosts/installer/users/nick/configs/console/gpg/default.nix
@@ -2,7 +2,7 @@
 { inputs, ... }:
 {
  home-manager.users.${user}.sops.secrets = {
-    "gpg/key".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
-    "gpg/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+    "gpg/key".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
+    "gpg/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
  };
 }
--- a/hosts/installer/users/nick/configs/console/ssh/default.nix
+++ b/hosts/installer/users/nick/configs/console/ssh/default.nix
@@ -14,17 +14,17 @@ in
    sops = {
      secrets = {
        "ssh/key" = {
-          sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+          sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
          path = "${home}/.ssh/ssh_personal_ed25519_key";
        };

-        "ssh/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+        "ssh/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";

        "git/credentials/git.karaolidis.com/admin/username".sopsFile =
-          "${inputs.secrets}/personal/secrets.yaml";
+          "${inputs.secrets}/domains/personal/secrets.yaml";

        "git/credentials/git.karaolidis.com/admin/password".sopsFile =
-          "${inputs.secrets}/personal/secrets.yaml";
+          "${inputs.secrets}/domains/personal/secrets.yaml";
      };

      templates."git/credentials" = {
--- a/hosts/installer/users/nick/default.nix
+++ b/hosts/installer/users/nick/default.nix
@@ -45,7 +45,7 @@ in

  # mkpasswd -s
  sops.secrets."${user}-password" = {
-    sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+    sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
    key = "password";
    neededForUsers = true;
  };
--- a/hosts/jupiter-vps/configs/ssh/default.nix
+++ b/hosts/jupiter-vps/configs/ssh/default.nix
@@ -1,7 +1,7 @@
 { inputs, ... }:
 {
  sops.secrets."ssh/key" = {
-    sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+    sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
    path = "/root/.ssh/ssh_personal_ed25519_key";
  };

--- a/hosts/jupiter-vps/default.nix
+++ b/hosts/jupiter-vps/default.nix
@@ -31,5 +31,7 @@

  environment.impermanence.enable = lib.mkForce false;

-  users.users.root.openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/personal/id_ed25519.pub" ];
+  users.users.root.openssh.authorizedKeys.keyFiles = [
+    "${inputs.secrets}/domains/personal/id_ed25519.pub"
+  ];
 }
--- a/hosts/jupiter/configs/ssh/default.nix
+++ b/hosts/jupiter/configs/ssh/default.nix
@@ -1,7 +1,7 @@
 { inputs, ... }:
 {
  sops.secrets."ssh/key" = {
-    sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+    sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
    path = "/root/.ssh/ssh_personal_ed25519_key";
  };

--- a/hosts/jupiter/default.nix
+++ b/hosts/jupiter/default.nix
@@ -64,5 +64,7 @@
    "v  /mnt/storage/private 0755 root root    - -"
  ];

-  users.users.root.openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/personal/id_ed25519.pub" ];
+  users.users.root.openssh.authorizedKeys.keyFiles = [
+    "${inputs.secrets}/domains/personal/id_ed25519.pub"
+  ];
 }
--- a/hosts/jupiter/users/nick/configs/console/podman/default.nix
+++ b/hosts/jupiter/users/nick/configs/console/podman/default.nix
@@ -10,7 +10,7 @@ let
 in
 {
  home-manager.users.${user}.sops = {
-    secrets."registry/docker.io".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+    secrets."registry/docker.io".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";

    templates.containers-auth = {
      content = builtins.readFile (
--- a/hosts/jupiter/users/nick/configs/console/ssh/default.nix
+++ b/hosts/jupiter/users/nick/configs/console/ssh/default.nix
@@ -4,11 +4,11 @@
  home-manager.users.${user} = {
    sops.secrets = {
      "ssh/key" = {
-        sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+        sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
        path = "${home}/.ssh/ssh_personal_ed25519_key";
      };

-      "ssh/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+      "ssh/pass".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
    };
  };
 }
--- a/hosts/jupiter/users/nick/default.nix
+++ b/hosts/jupiter/users/nick/default.nix
@@ -44,7 +44,7 @@ in

  # mkpasswd -s
  sops.secrets."${user}-password" = {
-    sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+    sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
    key = "password";
    neededForUsers = true;
  };
@@ -63,7 +63,7 @@ in
    ];
    linger = true;
    uid = lib.strings.toInt (builtins.readFile ./uid);
-    openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/personal/id_ed25519.pub" ];
+    openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/domains/personal/id_ed25519.pub" ];
  };

  home-manager.users.${user}.home = {
--- a/hosts/jupiter/users/storm/configs/console/podman/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/default.nix
@@ -40,7 +40,7 @@ in
    ];

    sops = {
-      secrets."registry/docker.io".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+      secrets."registry/docker.io".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";

      templates.containers-auth = {
        content = builtins.readFile (
--- a/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/default.nix
@@ -20,8 +20,8 @@ in
        "jellyfin/admin".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
        "jellyfin/authelia/password".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
        "jellyfin/authelia/digest".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
-        "opensubtitles/username".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
-        "opensubtitles/password".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+        "opensubtitles/username".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
+        "opensubtitles/password".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
      };

      templates = {
--- a/hosts/jupiter/users/storm/configs/console/podman/shlink/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/shlink/default.nix
@@ -17,7 +17,7 @@ in
      secrets = {
        "shlink/postgresql".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
        "shlink/apiKey".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml";
-        "maxmind/licenseKey".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+        "maxmind/licenseKey".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
      };

      templates = {
--- a/hosts/jupiter/users/storm/configs/console/podman/sish/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/sish/default.nix
@@ -33,8 +33,8 @@ in
              authorizedKeys = pkgs.writeTextFile {
                name = "authorized_keys";
                text = lib.strings.concatStringsSep "\n" [
-                  (builtins.readFile "${inputs.secrets}/personal/id_ed25519.pub")
-                  (builtins.readFile "${inputs.secrets}/sas/id_globalprotect_ed25519.pub")
+                  (builtins.readFile "${inputs.secrets}/domains/personal/id_ed25519.pub")
+                  (builtins.readFile "${inputs.secrets}/domains/sas/id_globalprotect_ed25519.pub")
                ];
              };
            in
--- a/hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/traefik/default.nix
@@ -25,7 +25,7 @@ in

  home-manager.users.${user} = {
    sops = {
-      secrets."cloudflare/letsencrypt".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+      secrets."cloudflare/letsencrypt".sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
      templates.traefik-env.content = ''
        CF_DNS_API_TOKEN=${hmConfig.sops.placeholder."cloudflare/letsencrypt"}
      '';
--- a/hosts/jupiter/users/storm/default.nix
+++ b/hosts/jupiter/users/storm/default.nix
@@ -31,7 +31,7 @@ in

  # mkpasswd -s
  sops.secrets."${user}-password" = {
-    sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+    sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
    key = "password";
    neededForUsers = true;
  };
@@ -53,7 +53,7 @@ in
      group = user;
      autoSubUidGidRange = true;
      useDefaultShell = true;
-      openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/personal/id_ed25519.pub" ];
+      openssh.authorizedKeys.keyFiles = [ "${inputs.secrets}/domains/personal/id_ed25519.pub" ];
    };

    groups.${user}.gid = lib.strings.toInt (builtins.readFile ./uid);
--- a/lib/scripts/add-host.sh
+++ b/lib/scripts/add-host.sh
@@ -20,7 +20,7 @@ keys:
  - hosts:
      - &$host $age_key
  - namespaces:
-      - &personal $(age-keygen -y ./secrets/personal/key.txt | tr -d '\n')
+      - &personal $(age-keygen -y ./secrets/domains/personal/key.txt | tr -d '\n')

 creation_rules:
  - path_regex: .+\.(yaml|yml|json|env|ini|bin)
--- a/packages/comentario/default.nix
+++ b/packages/comentario/default.nix
@@ -69,7 +69,7 @@ pkgs.buildGoModule (finalAttrs: {

  installPhase = ''
    mkdir -p $out/bin $out/lib/${finalAttrs.pname}
-    cp -r "$GOPATH/bin/${finalAttrs.pname}" $out/bin/${finalAttrs.pname}
+    cp -r $GOPATH/bin/comentario $out/bin/${finalAttrs.pname}
    cp -r db templates $out/lib/${finalAttrs.pname}

    wrapProgram $out/bin/${finalAttrs.pname} \
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -91,13 +91,5 @@ in
  ssh-known-hosts-gitlab = callPackage ./ssh/known-hosts/gitlab { };

  yazi-plugin-custom-shell = callPackage ./yazi/plugins/custom-shell { };
-
-  # SAS
-  ssh-known-hosts-sas-artifact = callPackage ./ssh/known-hosts/sas/artifact { };
-  ssh-known-hosts-sas-cldlgn = callPackage ./ssh/known-hosts/sas/cldlgn { };
-  ssh-known-hosts-sas-gerrit = callPackage ./ssh/known-hosts/sas/gerrit { };
-  ssh-known-hosts-sas-gitlab = callPackage ./ssh/known-hosts/sas/gitlab { };
-
-  sas-cacert = callPackage ./sas/cacert { };
-  viya4-orders-cli = callPackage ./sas/viya4-orders-cli { };
 }
+// (import "${inputs.sas}/packages" { inherit pkgs inputs system; })
--- a/packages/prometheus-fail2ban-exporter/default.nix
+++ b/packages/prometheus-fail2ban-exporter/default.nix
@@ -26,6 +26,6 @@ pkgs.buildGoModule (finalAttrs: {

  installPhase = ''
    mkdir -p $out/bin
-    cp -r "$GOPATH/bin/fail2ban-prometheus-exporter" $out/bin/prometheus-fail2ban-exporter
+    cp -r $GOPATH/bin/fail2ban-prometheus-exporter $out/bin/prometheus-fail2ban-exporter
  '';
 })
--- a/packages/sas/cacert/default.nix
+++ b/packages/sas/cacert/default.nix
@@ -1,17 +0,0 @@
-{ pkgs, ... }:
-pkgs.stdenv.mkDerivation {
-  pname = "sas-cacert";
-  version = "0-unstable-2025-05-13";
-
-  src = builtins.fetchurl {
-    url = "http://certificates.sas.com/pki/sascacertsbundle.txt";
-    sha256 = "sha256:1lah292kqhw6mkj63870qh8fjm44ll4jdqz87pfgr4sb803w1i15";
-  };
-
-  phases = [ "installPhase" ];
-
-  installPhase = ''
-    mkdir -p $out/etc/ssl/certs
-    cp $src $out/etc/ssl/certs/ca-bundle.crt
-  '';
-}
--- a/packages/sas/viya4-orders-cli/better-config.patch
+++ b/packages/sas/viya4-orders-cli/better-config.patch
@@ -1,159 +0,0 @@
-diff --git a/README.md b/README.md
-index 4740e58..5fd44fe 100644
--- a/README.md
-+++ b/README.md
-@@ -25,7 +25,7 @@ Available Commands:
-   license          Download a license for the given order number at the given cadence name and version
- 
- Flags:
-  -c, --config string      config file (default is $HOME/.viya4-orders-cli)
-+  -c, --config string      config file (default is $XDG_CONFIG_HOME/viya4-orders-cli/config.yaml)
-   -n, --file-name string   name of the file where you want the downloaded order asset to be stored
-                            (defaults:
-                                 assetHistory - assetHistory_<order number>.json
-@@ -146,9 +146,9 @@ Take the following steps to start using SAS Viya Orders CLI:
- 
- 1. If you want to use a configuration file, create it.
- 
-   The default location for the configuration file is `$HOME/.viya4-orders-cli` and the default format is [YAML](https://yaml.org/).
-   You can save the file anywhere you want and use any supported format, as long as you use the `--config` /
-   `-c` option to specify its path and name to the CLI.
-+   The default location for the configuration file is `$XDG_CONFIG_HOME/viya4-orders-cli/config.yaml` and the default format is [YAML](https://yaml.org/).
-+   You can save the file anywhere you want as long as you use the `--config` /
-+   `-c` option to inform the CLI of any non-default location.
- 
-    When using the `-c` option to specify a config file, that file must have a valid extension denoting its format. Supported
-    formats are [JSON](https://www.json.org/),
-@@ -196,7 +196,7 @@ You have the following options for launching SAS Viya Orders CLI:
- The examples in this section correspond to typical tasks that you might perform
- using SAS Viya Orders CLI:
- 
-- Using a configuration file, `/c/Users/auser/vocli/.viya4-orders-cli.yaml`, to
-+- Using a configuration file, `/c/Users/auser/vocli/.config/viya4-orders-cli/config.yaml`, to
-   convey your API credentials, get deployment assets for SAS Viya order `923456`
-   at the latest version of the Long Term Support (`lts`) cadence. Send the
-   contents to file `/c/Users/auser/vocli/sasfiles/923456_lts_depassets.tgz`:
-@@ -204,13 +204,13 @@ using SAS Viya Orders CLI:
- 
-   ```docker
-   docker run -v /c/Users/auser/vocli:/sasstuff viya4-orders-cli deploymentAssets 923456 lts \
-   --config /sasstuff/.viya4-orders-cli.yaml --file-path /sasstuff/sasfiles --file-name 923456_lts_depassets
-+   --config /sasstuff/.config/viya4-orders-cli/config.yaml --file-path /sasstuff/sasfiles --file-name 923456_lts_depassets
-   ```
- 
-   Sample output:
- 
-   ```text
-  2020/10/02 19:16:30 Using config file: /sasstuff/.viya4-orders-cli.yaml
-+  2020/10/02 19:16:30 Using config file: /sasstuff/.config/viya4-orders-cli/config.yaml
-   OrderNumber: 923456
-   AssetName: deploymentAssets
-   AssetReqURL: https://api.sas.com/mysas/orders/923456/cadenceNames/lts/deploymentAssets
-diff --git a/cmd/root.go b/cmd/root.go
-index f8870da..9b0816a 100644
--- a/cmd/root.go
-+++ b/cmd/root.go
-@@ -8,7 +8,6 @@ import (
- 	"log"
- 	"os"
- 
-	homedir "github.com/mitchellh/go-homedir"
- 	"github.com/sassoftware/viya4-orders-cli/lib/authn"
- 	"github.com/spf13/cobra"
- 	"github.com/spf13/viper"
-@@ -48,7 +47,7 @@ func init() {
- 
- 	// Define global flags / options and set their default values.
- 	rootCmd.PersistentFlags().StringVarP(&cfgFile, "config", "c", "",
-		"config file (default is $HOME/.viya4-orders-cli)")
-+		"config file (default is $XDG_CONFIG_HOME/viya4-orders-cli/config.yaml)")
- 	rootCmd.PersistentFlags().StringVarP(&assetFileName, "file-name", "n", "",
- 		"name of the file where you want the downloaded order asset to be stored\n"+
- 			"(defaults:\n\tassetHistory - assetHistory_<order number>.json\n\tcerts - SASViyaV4_<order number>_certs.zip\n\tlicense and depassets - SASViyaV4_<order number>_<renewal sequence>_<cadence information>_<asset name>_<date time stamp>."+
-@@ -74,16 +73,9 @@ func initConfig() {
- 		// Use config file from the flag.
- 		viper.SetConfigFile(cfgFile)
- 	} else {
-		// Find home directory.
-		home, err := homedir.Dir()
-		if err != nil {
-			log.Fatalln("ERROR: homedir.Dir() returned: " + err.Error())
-		}
-
-		// Search config in home directory with name ".viya4-orders-cli" (without extension).
-		viper.AddConfigPath(home)
-		viper.SetConfigName(".viya4-orders-cli")
-		// If they provide a config file with no extension if must be in yaml format.
-+		viper.AddConfigPath("$XDG_CONFIG_HOME/viya4-orders-cli")
-+		viper.AddConfigPath("$HOME/.config/viya4-orders-cli")
-+		viper.SetConfigName("config")
- 		viper.SetConfigType("yaml")
- 	}
- 
-diff --git a/go.mod b/go.mod
-index 9fc71bd..0354b7c 100644
--- a/go.mod
-+++ b/go.mod
-@@ -3,7 +3,6 @@ module github.com/sassoftware/viya4-orders-cli
- go 1.22
- 
- require (
-	github.com/mitchellh/go-homedir v1.1.0
- 	github.com/spf13/cobra v1.8.1
- 	github.com/spf13/viper v1.19.0
- 	golang.org/x/oauth2 v0.26.0
-diff --git a/go.sum b/go.sum
-index b687b77..0e1433c 100644
--- a/go.sum
-+++ b/go.sum
-@@ -23,8 +23,6 @@ github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0V
- github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
- github.com/magiconair/properties v1.8.9 h1:nWcCbLq1N2v/cpNsy5WvQ37Fb+YElfq20WJ/a8RkpQM=
- github.com/magiconair/properties v1.8.9/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
-github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
- github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
- github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
- github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
-diff --git a/lib/authn/authn.go b/lib/authn/authn.go
-index a35c405..6345b6f 100644
--- a/lib/authn/authn.go
-+++ b/lib/authn/authn.go
-@@ -7,10 +7,10 @@ package authn
- 
- import (
- 	"context"
-	"encoding/base64"
- 	"errors"
- 	"fmt"
- 	"net/url"
-+	"os"
- 	"strings"
- 
- 	"github.com/spf13/viper"
-@@ -26,15 +26,20 @@ const (
- 
- // GetBearerToken calls the /token SAS Viya Orders API endpoint to exchange client credentials for a Bearer token.
- // The client credentials are obtained from the SAS API Portal (https://apiportal.sas.com), and should be defined in
-// Viper (https://github.com/spf13/viper) as clientCredentialsId (key) and clientCredentialsSecret (secret).
-+// Viper (https://github.com/spf13/viper) as clientCredentialsIdFile (key file) and clientCredentialsSecretFile (secret file).
- func GetBearerToken() (token string, err error) {
-	id, err := base64.StdEncoding.DecodeString(viper.GetString("clientCredentialsId"))
-+	idFile := viper.GetString("clientCredentialsIdFile")
-+	secFile := viper.GetString("clientCredentialsSecretFile")
-+
-+	// read id and sec from the files
-+	id, err := os.ReadFile(idFile)
- 	if err != nil {
-		return token, errors.New("ERROR: attempt to decode clientCredentialsId failed: " + err.Error())
-+		return token, errors.New("ERROR: attempt to read client credentials ID file failed: " + err.Error())
- 	}
-	sec, err := base64.StdEncoding.DecodeString(viper.GetString("clientCredentialsSecret"))
-+
-+	sec, err := os.ReadFile(secFile)
- 	if err != nil {
-		return token, errors.New("ERROR: attempt to decode clientCredentialsSecret failed: " + err.Error())
-+		return token, errors.New("ERROR: attempt to read client credentials secret file failed: " + err.Error())
- 	}
- 
- 	// Build the request URL.
--- a/packages/sas/viya4-orders-cli/default.nix
+++ b/packages/sas/viya4-orders-cli/default.nix
@@ -1,30 +0,0 @@
-{ pkgs, ... }:
-# AUTO-UPDATE: nix-update --flake viya4-orders-cli
-pkgs.buildGoModule (finalAttrs: {
-  pname = "viya4-orders-cli";
-  version = "1.7.0";
-
-  src = pkgs.fetchFromGitHub {
-    owner = "sassoftware";
-    repo = "viya4-orders-cli";
-    rev = finalAttrs.version;
-    hash = "sha256-0AZBKxQC3NDgwtdnso0zEd4h9PBexFzqig4tWoHJTFM=";
-  };
-
-  vendorHash = "sha256-EsDdrmcFnsU0woXe562lb5Hx/7yZvYYR6GmNxPJEsxM=";
-
-  patches = [ ./better-config.patch ];
-
-  ldflags = [
-    "-s"
-    "-w"
-    "-X github.com/sassoftware/viya4-orders-cli/cmd.version=${finalAttrs.version}"
-  ];
-
-  installPhase = ''
-    mkdir -p $out/bin
-    cp "$GOPATH/bin/viya4-orders-cli" $out/bin/viya4-orders-cli
-  '';
-
-  meta.mainProgram = finalAttrs.pname;
-})
--- a/packages/ssh/known-hosts/sas/artifact/default.nix
+++ b/packages/ssh/known-hosts/sas/artifact/default.nix
@@ -1,22 +0,0 @@
-{
-  pkgs,
-  inputs,
-  system,
-  ...
-}:
-pkgs.stdenv.mkDerivation {
-  pname = "ssh-known-hosts-sas-artifact";
-  version = "0-unstable-2025-03-14";
-
-  src = inputs.self.lib.${system}.fetchers.sshKnownHosts {
-    host = "artifactlfs.unx.sas.com";
-    port = 1339;
-    hash = "sha256-r3RaTj1GClvD0NwMwgNyfLYNBBjtGFu72CqB1L7f6wQ=";
-  };
-
-  phases = [ "installPhase" ];
-
-  installPhase = ''
-    cp $src $out
-  '';
-}
--- a/packages/ssh/known-hosts/sas/cldlgn/default.nix
+++ b/packages/ssh/known-hosts/sas/cldlgn/default.nix
@@ -1,21 +0,0 @@
-{
-  pkgs,
-  inputs,
-  system,
-  ...
-}:
-pkgs.stdenv.mkDerivation {
-  pname = "ssh-known-hosts-sas-cldlgn";
-  version = "0-unstable-2025-02-25";
-
-  src = inputs.self.lib.${system}.fetchers.sshKnownHosts {
-    host = "cldlgn.fyi.sas.com";
-    hash = "sha256-HymFic00RROW1tC4sQe5QdDM7D8IDeTdKe8rWU6xhZM=";
-  };
-
-  phases = [ "installPhase" ];
-
-  installPhase = ''
-    cp $src $out
-  '';
-}
--- a/packages/ssh/known-hosts/sas/gerrit/default.nix
+++ b/packages/ssh/known-hosts/sas/gerrit/default.nix
@@ -1,21 +0,0 @@
-{
-  pkgs,
-  inputs,
-  system,
-  ...
-}:
-pkgs.stdenv.mkDerivation {
-  pname = "ssh-known-hosts-sas-gerrit";
-  version = "0-unstable-2025-02-25";
-
-  src = inputs.self.lib.${system}.fetchers.sshKnownHosts {
-    host = "gerrit-svi.unx.sas.com";
-    hash = "sha256-+lvC19RyBWFhEwEdXIb/xwEyGuKnatkgOsmhAc583kA=";
-  };
-
-  phases = [ "installPhase" ];
-
-  installPhase = ''
-    cp $src $out
-  '';
-}
--- a/packages/ssh/known-hosts/sas/gitlab/default.nix
+++ b/packages/ssh/known-hosts/sas/gitlab/default.nix
@@ -1,21 +0,0 @@
-{
-  pkgs,
-  inputs,
-  system,
-  ...
-}:
-pkgs.stdenv.mkDerivation {
-  pname = "ssh-known-hosts-sas-gitlab";
-  version = "0-unstable-2025-02-25";
-
-  src = inputs.self.lib.${system}.fetchers.sshKnownHosts {
-    host = "gitlab.sas.com";
-    hash = "sha256-gJGM6bG+u+XS2UdyYtK7MXP2r8w3tX/1kJmsDpyFKWI=";
-  };
-
-  phases = [ "installPhase" ];
-
-  installPhase = ''
-    cp $src $out
-  '';
-}
--- a/1
+++ b/1
--- a/submodules/sas
+++ b/submodules/sas
--- a/submodules/secrets
+++ b/submodules/secrets
Author	SHA1	Message	Date
Nikolaos Karaolidis	b49f9f5c8e	Add sas input Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>	2025-08-15 10:47:35 +03:00
Nikolaos Karaolidis	0665ded197	Reorganize secrets Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>	2025-08-15 09:58:03 +03:00