fix various agenix things

services/caddy.nix

@@ -65,12 +65,6 @@ in
     };
   };
 
-  # Add agenix dependency for caddy service
-  systemd.services.caddy = {
-    after = [ "agenix.service" ];
-    requires = [ "agenix.service" ];
-  };
-
   systemd.tmpfiles.rules = [
     "d ${config.services.caddy.dataDir} 700 ${config.services.caddy.user} ${config.services.caddy.group}"
   ];

services/soulseek.nix

@@ -67,12 +67,6 @@ in
   users.users.${config.services.jellyfin.user}.extraGroups = [ "music" ];
   users.users.${username}.extraGroups = [ "music" ];
 
-  # Add agenix dependencies for slskd service
-  systemd.services.slskd = {
-    after = [ "agenix.service" ];
-    requires = [ "agenix.service" ];
-  };
-
   systemd.tmpfiles.rules = [
     "Z ${service_configs.music_dir} 0750 ${username} music"
     "Z ${service_configs.slskd.base} 0750 ${config.services.slskd.user} ${config.services.slskd.group}"

services/wg.nix

@@ -21,9 +21,7 @@
       "network.target"
       "jellyfin.service"
       "qbittorrent.service"
-      "agenix.service"
     ];
-    requires = [ "agenix.service" ];
     wantedBy = [ "multi-user.target" ];
 
     serviceConfig = {

usb-secrets.nix

@@ -9,12 +9,14 @@
   fileSystems."/mnt/usb-secrets" = {
     device = "/dev/disk/by-label/SECRETS";
     fsType = "vfat";
-    options = [ "noauto" "user" "rw" ];
+    options = [
+      "ro"
+      "uid=root"
+      "gid=root"
+      "umask=377"
+    ];
+    neededForBoot = true;
   };
 
   age.identityPaths = [ "/mnt/usb-secrets/usb-secrets-key" ];
-
-  systemd.tmpfiles.rules = [
-    "d /mnt/usb-secrets 0755 root root -"
-  ];
 }