config: remove yaml-gpg.rb again

this approach required the gpg privkey all time

flake.nix

@@ -13,8 +13,7 @@
     in
     rec {
       lib =
-        import ./nix/lib { inherit nixpkgs; }
+        import ./nix/lib { inherit nixpkgs; };
-      );
 
       packages = forAllSystems (system: {
         test_vm = nixpkgs.legacyPackages.${system}.runCommandLocal "test_vm" {

nix/lib/config/salt-support/load-yaml.nix

@@ -1,21 +1,15 @@
 { pkgs ? import <nixpkgs> {}
-, gpgKeyFile ? ../../salt-gpg.asc
 }:
 
 path:
 let
   json = pkgs.runCommandLocal "desalinated-${builtins.baseNameOf path}" {
     nativeBuildInputs = with pkgs; [
-      gnupg
       pythonPackages.j2cli ruby yaml2json
     ];
   } ''
-    export GNUPGHOME=$(mktemp -d)
-    gpg --import ${gpgKeyFile}
-
     j2 ${path} > expanded.yaml
-    ruby ${./yaml-gpg.rb} expanded.yaml > decrypted.yaml
+    yaml2json < expanded.yaml > $out
-    yaml2json < decrypted.yaml > $out
   '';
 in
 builtins.fromJSON (

nix/lib/config/salt-support/yaml-gpg.rb

@@ -1,29 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'yaml'
-
-def expand_gpg yaml
-  if yaml.is_a? Hash
-    yaml.transform_values { |value| expand_gpg value }
-  elsif yaml.is_a? Array
-    yaml.map { |value| expand_gpg value }
-  elsif yaml.is_a? String
-    if yaml =~ /^-----BEGIN PGP MESSAGE-----.+-----END PGP MESSAGE-----$/m
-      IO::popen("gpg --decrypt", "r+") do |gpg|
-        gpg.puts yaml
-        gpg.close_write
-        gpg.readlines.join "\n"
-      end
-    else
-      yaml
-    end
-  else
-    yaml
-  end
-end
-
-ARGV.each do |filename|
-  yaml = YAML::load File::read(filename)
-  yaml = expand_gpg yaml
-  puts YAML::dump(yaml)
-end

nix/lib/default.nix

@@ -1,11 +1,13 @@
-{ nixpkgs, system }:
+{ nixpkgs }:
 
 let
-  pkgs = nixpkgs.legacyPackages.${system};
+  pkgs = nixpkgs.legacyPackages.x86_64-linux;
 in
 {
   config = import ./config { inherit pkgs; };
 
+  expandSaltTemplate = import ./config/salt-support/expand-template.nix { inherit pkgs; };
+
   netmasks = import ./netmasks.nix;
 
   subnet = import ./subnet { inherit pkgs; };

nix/pkgs/device-templates.nix

@@ -2,11 +2,11 @@
 with nixpkgs.lib;
 let
   pkgs = nixpkgs.legacyPackages.${system};
-  config = self.lib.${system}.config;
+  config = self.lib.config;
   
   templates = role: {
-    ap = _: ../salt/cpe/ap.sh;
+    ap = _: ../../salt/cpe/ap.sh;
-    switch = model: ../salt/switches + "/${model}.expect";
+    switch = model: ../../salt/switches + "/${model}.expect";
   }.${role};
   replaceNetmasks = template:
     builtins.toFile (builtins.baseNameOf template) (
@@ -15,16 +15,14 @@ let
       )
     );
   expandTemplate = name: template: data:
-    import ./salt-support/expand-template.nix {
+    self.lib.expandSaltTemplate name (replaceNetmasks template) data;
-      inherit pkgs;
-    } name (replaceNetmasks template) data;
 
   device-scripts =
     builtins.mapAttrs (hostname: { role, model, ... }:
       expandTemplate "${hostname}.sh" (templates role model) ({
         inherit hostname;
         pillar = config.salt-pillar;
-        netmasks = import ./netmasks.nix;
+        netmasks = self.lib.netmasks;
         logging = config.salt-pillar.hosts-inet.mgmt.logging;
       } // optionalAttrs (config.salt-pillar.switches ? ${hostname}) {
         switch = config.salt-pillar.switches.${hostname};