From 240515ed3b3407db8d9706ecdd42961f62cc320e Mon Sep 17 00:00:00 2001
From: Gabriel Arazas <foodogsquared@foodogsquared.one>
Date: Wed, 5 Jul 2023 13:04:52 +0800
Subject: [PATCH] tasks: add prefix for sops secrets key path

---
 .../nixos/tasks/backup-archive/default.nix    | 22 ++++++++++---------
 .../tasks/multimedia-archive/default.nix      |  7 +++---
 2 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/modules/nixos/tasks/backup-archive/default.nix b/modules/nixos/tasks/backup-archive/default.nix
index 6f7a97e6..a5dd5681 100644
--- a/modules/nixos/tasks/backup-archive/default.nix
+++ b/modules/nixos/tasks/backup-archive/default.nix
@@ -44,16 +44,18 @@ in
     lib.mkEnableOption "backup setup with BorgBackup";
 
   config = lib.mkIf cfg.enable {
-    sops.secrets = lib.getSecrets (lib.getSecret "backup-archive.yaml") {
-      "borg-backup/patterns/home" = { };
-      "borg-backup/patterns/etc" = { };
-      "borg-backup/patterns/keys" = { };
-      "borg-backup/patterns/remote-backup" = { };
-      "borg-backup/repos/archive/password" = { };
-      "borg-backup/repos/external-drive/password" = { };
-      "borg-backup/repos/hetzner-box/password" = { };
-      "borg-backup/ssh-key" = { };
-    };
+    sops.secrets = lib.getSecrets
+      (lib.getSecret "backup-archive.yaml")
+      (lib.attachSopsPathPrefix "borg-backup" {
+        "patterns/home" = { };
+        "patterns/etc" = { };
+        "patterns/keys" = { };
+        "patterns/remote-backup" = { };
+        "repos/archive/password" = { };
+        "repos/external-drive/password" = { };
+        "repos/hetzner-box/password" = { };
+        "ssh-key" = { };
+      });
 
     profiles.filesystem = {
       archive.enable = true;
diff --git a/modules/nixos/tasks/multimedia-archive/default.nix b/modules/nixos/tasks/multimedia-archive/default.nix
index b16e0551..a456fc96 100644
--- a/modules/nixos/tasks/multimedia-archive/default.nix
+++ b/modules/nixos/tasks/multimedia-archive/default.nix
@@ -93,9 +93,10 @@ in
     {
       environment.systemPackages = [ ytdlpArchiveVariant ];
 
-      sops.secrets = lib.getSecrets (lib.getSecret "multimedia-archive.yaml") {
-        "multimedia-archive/secrets-config" = { };
-      };
+      sops.secrets = lib.getSecrets (lib.getSecret "multimedia-archive.yaml")
+        (lib.attachSopsPathPrefix "multimedia-archive" {
+          "secrets-config" = { };
+        });
 
       profiles.filesystem.archive.enable = true;