Fix evaluation without secrets

Signed-off-by: magic_rb <richard@brezak.sk>
2024-11-21 23:54:22 +01:00 · 2023-10-21 17:46:17 +02:00 · 2023-10-21 17:46:17 +02:00 · 880ffeec87
parent 7968f1a15c
commit 880ffeec87
7 changed files with 31 additions and 22 deletions
--- a/flake-secret.lock
+++ b/flake-secret.lock
@ -868,14 +868,17 @@
    },
    "impermenance": {
      "locked": {
-        "lastModified": 1696322197,
-        "narHash": "sha256-WvxAZaeefq88RpXGKwGPekvqcITK7jIB38ow6ULHCTQ=",
-        "path": "/nix/persist/home/main/repos/impermanence",
-        "type": "path"
+        "lastModified": 1697902518,
+        "narHash": "sha256-L0wNEjROZFZS/2DxH3LkRYxgKAtVwNRcMab41jK9MDE=",
+        "owner": "MagicRB",
+        "repo": "impermanence",
+        "rev": "1e7f9def3b0d74dccb9f3876ba3ba7666641aa52",
+        "type": "github"
      },
      "original": {
-        "path": "/nix/persist/home/main/repos/impermanence",
-        "type": "path"
+        "owner": "MagicRB",
+        "repo": "impermanence",
+        "type": "github"
      }
    },
    "iserv-proxy": {
--- a/flake.lock
+++ b/flake.lock
@ -868,14 +868,17 @@
    },
    "impermenance": {
      "locked": {
-        "lastModified": 1696322197,
-        "narHash": "sha256-WvxAZaeefq88RpXGKwGPekvqcITK7jIB38ow6ULHCTQ=",
-        "path": "/nix/persist/home/main/repos/impermanence",
-        "type": "path"
+        "lastModified": 1697902518,
+        "narHash": "sha256-L0wNEjROZFZS/2DxH3LkRYxgKAtVwNRcMab41jK9MDE=",
+        "owner": "MagicRB",
+        "repo": "impermanence",
+        "rev": "1e7f9def3b0d74dccb9f3876ba3ba7666641aa52",
+        "type": "github"
      },
      "original": {
-        "path": "/nix/persist/home/main/repos/impermanence",
-        "type": "path"
+        "owner": "MagicRB",
+        "repo": "impermanence",
+        "type": "github"
      }
    },
    "iserv-proxy": {
--- a/flake.nix
+++ b/flake.nix
@ -18,7 +18,7 @@
    website.url = "sourcehut:~magic_rb/website";
    microvm.url = "github:astro/microvm.nix";
    notnft.url = "github:chayleaf/notnft";
-    impermenance.url = "path:///nix/persist/home/main/repos/impermanence";
+    impermenance.url = "github:MagicRB/impermanence";
    numen-nix.url = "github:anpandey/numen-nix";
    hydra.url = "github:t184256/hydra/nix-ca-reprise";

--- a/lib/load_secrets.nix
+++ b/lib/load_secrets.nix
@ -4,11 +4,11 @@
 { lib, ... }:
 {
  flake.libOverlays.loadSecrets =
-    final: prev: (lib.traceVal {
+    final: prev: {
      loadSecrets = path:
        if builtins.pathExists "${path}/default.nix" then
          import path { lib = final; }
        else
-          {};
-    });
+          builtins.trace "Not loading secrets!" {};
+    };
 }
--- a/nixos/systems/heater/nixpkgs.nix
+++ b/nixos/systems/heater/nixpkgs.nix
@ -11,6 +11,7 @@
      emacs-rofi
      tree-sitter-grammars
      emacs-master-nativecomp
+      ledger-compat
    ])
    ++
    (with inputs'.nixng.overlays; [
--- a/nixos/systems/omen/firewall.nix
+++ b/nixos/systems/omen/firewall.nix
@ -80,9 +80,11 @@
            # TCP 22 altra
            [ (is.eq ip.protocol (f: with f; set [ tcp ]))  (is.eq th.dport (set [ 22 ])) (is.eq ip.saddr (secret.network.ips.omen.vpn or "")) (is.eq ip.daddr (secret.network.ips.altra.ip or "")) accept ]

-            # ICMP to blowhole, toothpick
+            # ICMP to blowhole, toothpick, altra
            [ (is.eq ip.protocol (f: f.icmp)) (is.eq ip.saddr (secret.network.ips.omen.vpn or "")) (is.eq ip.daddr (set [ (secret.network.ips.toothpick or "") (secret.network.ips.altra.ip or "") (secret.network.ips.blowhole.ip or "") ])) accept ]

+            [ (is.eq ip.protocol (f: f.tcp)) (is.eq th.dport 8883) (is.eq ip.saddr (secret.network.ips.omen.vpn or "")) (is.eq ip.daddr (secret.network.ips.altra.ip or "")) accept ]
+
            # accept syncthing sharing
            [ (is.eq ip.protocol (f: f.udp)) (is.eq th.sport "22000") (is.eq th.dport "22000") accept ]
            [ (is.eq ip.protocol (f: f.tcp)) (is.eq th.dport "22000") accept ]
--- a/nixos/systems/omen/networking.nix
+++ b/nixos/systems/omen/networking.nix
@ -10,7 +10,7 @@ in

    hostId = "10c7ffc5";

-    nameservers = [ secret.network.ips.blowhole.ip ];
+    nameservers = [ (secret.network.ips.blowhole.ip or "") ];

    firewall.enable = false;

@ -36,7 +36,7 @@ in

        case $IFACE in
          eth0)
-            echo $IP_ADDRS | ${lib.getExe' pkgs.grepcidr "grepcidr"} ${secret.network.networks.home.amsterdam} > /dev/null
+            echo $IP_ADDRS | ${lib.getExe' pkgs.grepcidr "grepcidr"} ${secret.network.networks.home.amsterdam or ""} > /dev/null
            home_net=$?

            case $STATE in
@ -63,7 +63,7 @@ in
  };

  systemd.network.links."50-eth0" = {
-    matchConfig.MACAddress = secret.network.mac.usbc-omen;
+    matchConfig.MACAddress = secret.network.mac.usbc-omen or "";
    linkConfig.Name = "eth0";
  };

@ -85,12 +85,12 @@ in

  services.resolved.enable = false;
  environment.etc."resolv.conf".text = ''
-    nameserver ${secret.network.ips.blowhole.ip}
+    nameserver ${secret.network.ips.blowhole.ip or ""}
  '';

  services.resolved.extraConfig = ''
    [Resolve]
-    DNS=${secret.network.ips.blowhole.ip}
+    DNS=${secret.network.ips.blowhole.ip or ""}
    FallbackDNS=
  '';