secrets: read all files from dir

this enforces 1:1 mapping between the filename and the attribute name

build01/buildkite.nix

@@ -5,7 +5,7 @@
     enable = true;
     tokenPath = "/run/keys/buildkite-token";
     openssh.privateKeyPath = builtins.toPath "/run/keys/buildkite-agent-key";
-    openssh.publicKeyPath = builtins.toPath "/run/keys/buildkite-agent-key-pub";
+    openssh.publicKeyPath = builtins.toPath "/run/keys/buildkite-agent-key.pub";
 
     runtimePackages = [
       pkgs.gnutar

deployment.nix

@@ -27,8 +27,8 @@ in {
         permissions = "0600";
       };
 
-      deployment.keys.buildkite-agent-key-pub = {
+      deployment.keys."buildkite-agent-key.pub" = {
-        text = secrets.buildkite-agent-key-pub;
+        text = secrets."buildkite-agent-key.pub";
         user = "buildkite-agent";
         permissions = "0600";
       };