Fix invalid import issue.

common/machine-info/default.nix

@@ -12,7 +12,16 @@ in
     ./roles.nix
   ];
 
-  options.machines.hosts = lib.mkOption {
+  options.machines = {
+    # For some reason (presumably a bug), using the best value of "../../machines"
+    # as the path causes nix to search for invalid paths for flake imports but *not*
+    # secrets.nix for agenix.
+    machinesPath = lib.mkOption {
+      type = lib.types.path;
+      default = ../..;
+    };
+
+    hosts = lib.mkOption {
       type = lib.types.attrsOf
         (lib.types.submodule {
           options = {
@@ -107,6 +116,7 @@ in
           };
         });
     };
+  };
 
   config = {
     assertions = (lib.concatLists (lib.mapAttrsToList
@@ -193,6 +203,6 @@ in
           in
           lib.concatMap (d: propertiesFiles' "${dir}/${d}" d) dirPaths ++ builtins.map (p: { "${dirName}" = p; }) propFiles;
       in
-      properties ../../machines;
+      properties config.machines.machinesPath;
   };
 }

common/machine-info/moduleless.nix

@@ -2,6 +2,7 @@
 
 { nixpkgs ? import <nixpkgs> { }
 , assertionsModule ? <nixpkgs/nixos/modules/misc/assertions.nix>
+, machinesPath ? null
 }:
 
 {
@@ -10,6 +11,11 @@
       modules = [
         ./default.nix
         assertionsModule
+        {
+          config = nixpkgs.lib.mkIf (machinesPath != null) {
+            machines.machinesPath = machinesPath;
+          };
+        }
       ];
     }).config.machines;
 }

secrets/secrets.nix

@@ -1,6 +1,8 @@
 let
   lib = (import <nixpkgs> { }).lib;
-  sshKeys = (import ../common/machine-info/moduleless.nix { }).machines.ssh;
+  sshKeys = (import ../common/machine-info/moduleless.nix {
+    machinesPath = ../machines;
+  }).machines.ssh;
 
   # add userkeys to all roles so that I can r/w the secrets from my personal computers
   roles = lib.mapAttrs (role: hosts: hosts ++ sshKeys.userKeys) sshKeys.hostKeysByRole;