flake-parts/sops.nix

@@ -27,7 +27,7 @@
             |> lib.attrValues
             |> lib.map (host: host.config.custom.sops)
             |> lib.filter (sops: sops.enable)
-            |> lib.map mkCreationRule;
+            |> lib.map (sops: mkCreationRule sops);
 
           userCreationRules =
             self.nixosConfigurations
@@ -35,7 +35,7 @@
             |> lib.filter (host: host.config |> lib.hasAttr "home-manager")
             |> lib.map (host: host.config.home-manager.users.seb.custom.sops)
             |> lib.filter (sops: sops.enable)
-            |> lib.map mkCreationRule;
+            |> lib.map (sops: mkCreationRule sops);
 
           jsonConfig = { creation_rules = hostCreationRules ++ userCreationRules; } |> lib.strings.toJSON;
         in

lib/default.nix

@@ -5,6 +5,10 @@
 {
   isPrivateDomain = domain: domain |> lib.hasSuffix ".splitleaf.de";
 
+  subdomainOf = domain: domain |> lib.splitString "." |> lib.head;
+
+  rootDomainOf = domain: domain |> lib.splitString "." |> lib.tail |> lib.concatStringsSep ".";
+
   listNixFilesRecursively =
     dir: dir |> lib.filesystem.listFilesRecursive |> lib.filter (lib.hasSuffix ".nix");
 

modules/system/services/sshd.nix

@@ -16,7 +16,7 @@ in
       openssh = {
         enable = true;
         openFirewall = false;
-        ports = lib.mkForce [ ];
+        ports = [ ];
         listenAddresses = lib.singleton {
           addr = netCfg.overlay.address;
           port = 22;
@@ -46,7 +46,7 @@ in
     users.users.seb.openssh.authorizedKeys.keyFiles =
       self.nixosConfigurations
       |> lib.attrValues
-      |> lib.filter (host: host.config.networking.hostName != netCfg.hostName)
+      |> lib.filter (host: host.config.custom.networking.hostName != netCfg.hostName)
       |> lib.filter (host: host.config |> lib.hasAttr "home-manager")
       |> lib.map (host: host.config.home-manager.users.seb.custom.programs.ssh)
       |> lib.filter (ssh: ssh.enable)