refactor: move secrets off-shore

outputs/default.nix

@@ -4,7 +4,6 @@
     ./lib
     ./hozen
     ./hosts
-    ./keys.nix
     ./pkgs
     ./images.nix
     ./devshells

outputs/images.nix

@@ -1,8 +1,4 @@
-{
-  ook,
-  self,
-  ...
-}: {
+{self, ...}: {
   flake.images = {
     ooknode = self.nixosConfigurations.ooknode.config.system.build.image;
   };

outputs/keys.nix

@@ -1,6 +0,0 @@
-let
-  keys = import ../secrets/keys.nix;
-in {
-  perSystem._module.args.keys = keys;
-  flake.keys = keys;
-}

outputs/lib/builders.nix

@@ -7,9 +7,9 @@
   inherit (inputs) nixpkgs;
   inherit (lib) singleton recursiveUpdate mkDefault;
   inherit (builtins) concatLists;
-  inherit (self) hozen keys ook;
+  inherit (self) hozen ook;
+  inherit (inputs.secrets.nixosModules) secrets;
   hm = inputs.home-manager.nixosModules.home-manager;
-  agenix = inputs.agenix.nixosModules.default;
   nixosModules = "${self}/modules/nixos";
   baseModules = nixosModules + "/base";
   hardwareModules = nixosModules + "/hardware";
@@ -22,7 +22,7 @@
     (baseModules + "/admin.nix")
     (baseModules + "/ssh.nix")
   ];
-  core = [baseModules hardwareModules consoleModules appearanceModules hm agenix];
+  core = [baseModules hardwareModules consoleModules appearanceModules hm secrets];
   hostModules = "${self}/hosts";
 
   mkNixos = nixpkgs.lib.nixosSystem;
@@ -44,7 +44,7 @@
       mkNixos {
         specialArgs =
           recursiveUpdate {
-            inherit hozen ook keys lib inputs self inputs' self';
+            inherit hozen ook lib inputs self inputs' self';
           }
           specialArgs;
         modules = concatLists [
@@ -123,7 +123,7 @@
     ...
   }:
     mkNixos {
-      specialArgs = {inherit keys inputs lib self;};
+      specialArgs = {inherit inputs lib self;};
       modules = concatLists [
         (singleton {
           networking.hostName = hostname;