refactor sops secrets

build02/nixpkgs-update.nix

@@ -183,7 +183,7 @@ in
 
   sops.secrets.nix-community-cachix = {
     path = "/home/r-ryantm/.config/cachix/cachix.dhall";
-    sopsFile = ../roles/nix-community-cache.yaml;
+    sopsFile = ../roles/nix-community-cache/secrets.yaml;
     owner = "r-ryantm";
     group = "r-ryantm";
   };

services/hydra/default.nix

@@ -60,7 +60,7 @@ in {
         ];
     };
 
-    sops.secrets.nix-community-cachix.sopsFile = ../../roles/nix-community-cache.yaml;
+    sops.secrets.nix-community-cachix.sopsFile = ../../roles/nix-community-cache/secrets.yaml;
     sops.secrets.id_buildfarm = {};
 
     services.hydra = {

tasks.py

@@ -97,13 +97,9 @@ def update_sops_files(c):
     c.run(
         """
 find . \
-        -not -path "./.github/*" \
-        -not -path "./.mergify.yml" \
-        -not -path "./_config.yml" \
         -type f \
-        \( -iname '*.enc.json' -o -iname '*.yaml' \) \
+        \( -iname '*.enc.json' -o -iname 'secrets.yaml' \) \
-        -print0 | \
+        -exec sops updatekeys --yes {} \;
-        xargs -0 -n1 sops updatekeys --yes
 """
     )