mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-11-29 11:36:16 +01:00
Make sure everything evaluates and builds even without secrets
Signed-off-by: main <magic_rb@redalder.org>
parent
26763fc88a
commit
8b700b61cc
|
@ -101,7 +101,7 @@
|
|||
vtermModule.url = "github:akermu/emacs-libvterm";
|
||||
vtermModule.flake = false;
|
||||
|
||||
secret.url = "git+ssh://git@github.com/MagicRB/dotfiles-secret";
|
||||
secret.url = "path:///var/empty";
|
||||
secret.flake = false;
|
||||
|
||||
qmk.url = "https://github.com/qmk/qmk_firmware";
|
||||
|
|
|
@ -77,6 +77,6 @@ in {
|
|||
options = singleton "bind";
|
||||
};
|
||||
}
|
||||
// secret.mounts.blowhole;
|
||||
// secret.mounts.blowhole or {};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -14,7 +14,7 @@ with lib; {
|
|||
users.main = {
|
||||
isNormalUser = true;
|
||||
home = "/home/main";
|
||||
hashedPassword = secret.passwordHashes.main.generic;
|
||||
hashedPassword = secret.passwordHashes.main or "";
|
||||
description = "main";
|
||||
|
||||
uid = 1000;
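Review bot: The `or ""` fallback on `hashedPassword` is unsafe, because NixOS documents an empty-string `hashedPassword` as an account that can log in locally without being asked for a password, so a system built without secrets gets a passwordless `main`. Use `null` as the no-secret value, which disables password login: `hashedPassword = secret.passwordHashes.main or null;`. The password-hash option hunk further down has the same default (`type = with types; str;` with `default = "";`) and would need `type = types.nullOr types.str;` and `default = null;`. If `secret` here resolves to that option set, the `or` branch is never taken and the option default is the value that matters. The `users.main` block continues outside the hunk.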
|
||||
|
|
|
@ -35,8 +35,8 @@ with lib; {
|
|||
({...}: {_module.args.pkgs = pkgs;})
|
||||
]
|
||||
++ (
|
||||
if (builtins.tryEval {x = import secret;}).success
|
||||
then [secret]
|
||||
if (builtins.pathExists (secret + "default.nix"))
|
||||
then [ secret ]
|
||||
else builtins.trace "Warning! Not loading any secrets, you may get errors." []
|
||||
);
|
||||
};
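Review bot: `secret + "default.nix"` has no path separator, so, assuming `secret` is a path or store-path value (the hunk does not show its definition), the test looks for `<secret>default.nix` and is probably always false, which skips the secrets module even when it is present. It should read `if (builtins.pathExists (secret + "/default.nix"))`. Because this commit also gives the secret options empty defaults, a skipped import no longer fails evaluation and the `builtins.trace` message is the only remaining signal; consider rewording it to say that placeholder values are in use rather than "you may get errors".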
|
||||
|
|
|
@ -13,10 +13,12 @@ in {
|
|||
options.emacs = {
|
||||
mbsyncrc = mkOption {
|
||||
type = types.path;
|
||||
default = pkgs.writeText "mbsyncrb" "";
|
||||
};
|
||||
|
||||
mu4eContexts = mkOption {
|
||||
type = types.path;
|
||||
default = pkgs.writeText "mu4e-contexts.el" "";
|
||||
};
|
||||
};
|
||||
}
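Review bot: The store name in `default = pkgs.writeText "mbsyncrb" "";` looks like a typo for `mbsyncrc`; it only affects the derivation name, but it makes the placeholder harder to recognise in the store. Neither `mbsyncrc` nor `mu4eContexts` has a `description`; a line such as `description = "Path to the mbsync configuration; defaults to an empty file when no secrets are loaded.";` would document that the default is a placeholder, not a working config.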
|
||||
|
|
|
@ -13,13 +13,16 @@ in {
|
|||
options.ical2org = {
|
||||
icalUrlCanvas = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
icalUrlRooster = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
|
||||
orgPath = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -15,5 +15,6 @@ in {
|
|||
description = ''
|
||||
Mounts
|
||||
'';
|
||||
default = {};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,22 +2,46 @@
|
|||
#
|
||||
# SPDX-License-Identifier: LGPL-3.0-or-later
|
||||
{lib, ...}:
|
||||
with lib; {
|
||||
options = {
|
||||
network.ips = mkOption {
|
||||
with lib;
|
||||
let
|
||||
mkIpOption =
|
||||
mkOption {
|
||||
description = ''
|
||||
Host IPs.
|
||||
Host IP
|
||||
'';
|
||||
type = with types; attrsOf (oneOf [str (attrsOf str)]);
|
||||
default = {};
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
mkNetworkOption =
|
||||
mkOption {
|
||||
description = ''
|
||||
Network IPs
|
||||
'';
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
in
|
||||
{
|
||||
options = {
|
||||
network.ips = {
|
||||
vault.dns = mkIpOption;
|
||||
vault.vpn = mkIpOption;
|
||||
blowhole.dns = mkIpOption;
|
||||
blowhole.ip = mkIpOption;
|
||||
blowhole.vpn = mkIpOption;
|
||||
heater = mkIpOption;
|
||||
edge.vpn = mkIpOption;
|
||||
omen.vpn = mkIpOption;
|
||||
toothpick = mkIpOption;
|
||||
woodchip = mkIpOption;
|
||||
media = mkIpOption;
|
||||
};
|
||||
|
||||
network.networks = mkOption {
|
||||
description = ''
|
||||
Network IPs.
|
||||
'';
|
||||
type = with types; attrsOf (oneOf [str (attrsOf str)]);
|
||||
default = {};
|
||||
network.networks = {
|
||||
home.inner = mkNetworkOption;
|
||||
home.outer = mkNetworkOption;
|
||||
home.mine = mkNetworkOption;
|
||||
vpn = mkNetworkOption;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,14 +2,23 @@
|
|||
#
|
||||
# SPDX-License-Identifier: LGPL-3.0-or-later
|
||||
{lib, ...}:
|
||||
with lib; {
|
||||
options = {
|
||||
passwordHashes = mkOption {
|
||||
with lib;
|
||||
let
|
||||
mkPasswordHashOptions =
|
||||
users:
|
||||
genAttrs
|
||||
users
|
||||
(user:
|
||||
mkOption {
|
||||
description = ''
|
||||
Password hashes.
|
||||
Password hash for user ${user}.
|
||||
'';
|
||||
type = with types; attrsOf (oneOf [str (attrsOf str)]);
|
||||
default = {};
|
||||
};
|
||||
type = with types; str;
|
||||
default = "";
|
||||
});
|
||||
in
|
||||
{
|
||||
options = {
|
||||
passwordHashes = mkPasswordHashOptions [ "main" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -105,7 +105,7 @@ in
|
|||
wireguard = {
|
||||
enable = true;
|
||||
interfaces."${doVPN}" =
|
||||
config.magic_rb.secret.wireguard."${config.networking.hostName}"
|
||||
config.magic_rb.secret.wireguard."${config.networking.hostName}" or {}
|
||||
// {
|
||||
listenPort = 6666;
|
||||
privateKeyFile = "/var/secrets/${doVPN}.key";
|
||||
|
|
|
@ -82,7 +82,7 @@
|
|||
firewall.allowedTCPPorts = [22000];
|
||||
|
||||
wireguard.interfaces."wg0" =
|
||||
{} // config.magic_rb.secret.wireguard."omen";
|
||||
{} // config.magic_rb.secret.wireguard."omen" or { privateKey = ""; };
|
||||
};
|
||||
|
||||
# System
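Review bot: The fallback `or { privateKey = ""; }` keeps `wg0` defined with an empty key, so a build without secrets still configures a WireGuard interface that cannot come up. It also suggests, though the hunk does not show it, that the real secret supplies `privateKey` inline, which NixOS would copy into the world-readable Nix store. Define the interface only when the secret exists, e.g. `wireguard.interfaces = lib.mkIf (config.magic_rb.secret.wireguard ? omen) { wg0 = config.magic_rb.secret.wireguard.omen; };`, and prefer a `privateKeyFile` outside the store, as the `${doVPN}` host already does. The `toothpick` hunk below uses the same `or { privateKey = ""; }` fallback and needs the same change.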
|
||||
|
|
|
@ -78,7 +78,7 @@ with lib;
|
|||
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -o wg0 -j ACCEPT
|
||||
'';
|
||||
}
|
||||
// config.magic_rb.secret.wireguard."toothpick";
|
||||
// config.magic_rb.secret.wireguard."toothpick" or { privateKey = ""; };
|
||||
};
|
||||
|
||||
defaultGateway = "64.225.96.1";
|
||||
|
|