Transitioning back to a deployment/ dir

common/deployment.nix

@@ -0,0 +1,31 @@
+{ inputs, deployment-hosts, description, enable-rollback ? true, ... }:
+with inputs.nixpkgs.lib; let
+  network-config = {
+    nixpkgs = inputs.nixpkgs;
+    network = {
+      inherit description;
+      enableRollback = enable-rollback;
+    };
+  };
+
+  host-configs = genAttrs deployment-hosts
+    (hostname: fudo-nixos.nixopsHostConfigurations.${hostname});
+
+  host-uber-secrets = genAttrs deployment-hosts
+    (hostname: { config, ... }: let
+      uber-secrets = config.fudo.secrets.files.host-filesystem-keys;
+    in {
+      imports = [
+        inputs.fudo-secrets.nixosModule
+        ({ config, ... }: {
+          deployment.keys = mkIf (hasAttr hostname uber-secrets) {
+            deployment.keys = mapAttrs (secret: secret-file: {
+              keyFile = secret-file;
+              user = "root";
+              permissions = "0400";
+            }) uber-secrets.${hostname};
+          };
+        })
+      ];
+    });
+in network-config // host-configs // host-uber-secrets