Make sure everything evaluates and builds even without secrets

Signed-off-by: main <magic_rb@redalder.org>
main 2022-11-23 20:48:59 +01:00
parent 26763fc88a
commit 8b700b61cc
No known key found for this signature in database
GPG key ID: 08D5287CC5DDCA0E
12 changed files with 67 additions and 28 deletions


@ -101,7 +101,7 @@
vtermModule.url = "github:akermu/emacs-libvterm";
vtermModule.flake = false;
secret.url = "git+ssh://git@github.com/MagicRB/dotfiles-secret";
secret.url = "path:///var/empty";
secret.flake = false;
qmk.url = "https://github.com/qmk/qmk_firmware";
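Review bot: The committed `secret.url` now points at `path:///var/empty`, so a real deployment only receives secrets if the input is overridden at build time, and nothing in the visible lines says so. I would add a comment above the line, e.g. `# Placeholder so the flake evaluates without access to the secrets repo; pass --override-input secret <secrets-source> for real deployments.` Because the other changes in this commit fall back to empty values, a build that forgets the override still evaluates cleanly, so the requirement is worth stating where the input is declared.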


@ -77,6 +77,6 @@ in {
options = singleton "bind";
};
}
// secret.mounts.blowhole;
// secret.mounts.blowhole or {};
};
}


@ -14,7 +14,7 @@ with lib; {
users.main = {
isNormalUser = true;
home = "/home/main";
hashedPassword = secret.passwordHashes.main.generic;
hashedPassword = secret.passwordHashes.main or "";
description = "main";
uid = 1000;
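Review bot: `hashedPassword = secret.passwordHashes.main or "";` falls back to an empty string, and NixOS documents an empty `hashedPassword` as allowing login without being asked for a password, whereas `null` disables password login. The fallback should fail closed: `hashedPassword = secret.passwordHashes.main or null;`. The `passwordHashes` option declaration later in this commit uses the same `default = "";`. If `secret` here is the evaluated option set, the attribute always exists and the `or` never fires, so that declaration would need `type = types.nullOr types.str;` with `default = null;` as well. The `users.main` block continues outside the hunk.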


@ -35,8 +35,8 @@ with lib; {
({...}: {_module.args.pkgs = pkgs;})
]
++ (
if (builtins.tryEval {x = import secret;}).success
then [secret]
if (builtins.pathExists (secret + "default.nix"))
then [ secret ]
else builtins.trace "Warning! Not loading any secrets, you may get errors." []
);
};
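Review bot: `secret + "default.nix"` concatenates without a path separator, so for an input path that does not end in a slash it tests `<secret-path>default.nix`, which would not exist even when the real secrets input is supplied. In that case the `else` branch is the only one ever taken and the secrets module is never loaded, with the trace line as the only hint. The check should read `if (builtins.pathExists (secret + "/default.nix"))`. The enclosing module list starts outside the hunk.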


@ -13,10 +13,12 @@ in {
options.emacs = {
mbsyncrc = mkOption {
type = types.path;
default = pkgs.writeText "mbsyncrb" "";
};
mu4eContexts = mkOption {
type = types.path;
default = pkgs.writeText "mu4e-contexts.el" "";
};
};
}


@ -13,13 +13,16 @@ in {
options.ical2org = {
icalUrlCanvas = mkOption {
type = types.str;
default = "";
};
icalUrlRooster = mkOption {
type = types.str;
default = "";
};
orgPath = mkOption {
type = types.str;
default = "";
};
};
}


@ -15,5 +15,6 @@ in {
description = ''
Mounts
'';
default = {};
};
}


@ -2,22 +2,46 @@
#
# SPDX-License-Identifier: LGPL-3.0-or-later
{lib, ...}:
with lib; {
options = {
network.ips = mkOption {
with lib;
let
mkIpOption =
mkOption {
description = ''
Host IPs.
Host IP
'';
type = with types; attrsOf (oneOf [str (attrsOf str)]);
default = {};
type = types.str;
default = "";
};
mkNetworkOption =
mkOption {
description = ''
Network IPs
'';
type = types.str;
default = "";
};
in
{
options = {
network.ips = {
vault.dns = mkIpOption;
vault.vpn = mkIpOption;
blowhole.dns = mkIpOption;
blowhole.ip = mkIpOption;
blowhole.vpn = mkIpOption;
heater = mkIpOption;
edge.vpn = mkIpOption;
omen.vpn = mkIpOption;
toothpick = mkIpOption;
woodchip = mkIpOption;
media = mkIpOption;
};
network.networks = mkOption {
description = ''
Network IPs.
'';
type = with types; attrsOf (oneOf [str (attrsOf str)]);
default = {};
network.networks = {
home.inner = mkNetworkOption;
home.outer = mkNetworkOption;
home.mine = mkNetworkOption;
vpn = mkNetworkOption;
};
};
}


@ -2,14 +2,23 @@
#
# SPDX-License-Identifier: LGPL-3.0-or-later
{lib, ...}:
with lib; {
options = {
passwordHashes = mkOption {
with lib;
let
mkPasswordHashOptions =
users:
genAttrs
users
(user:
mkOption {
description = ''
Password hashes.
Password hash for user ${user}.
'';
type = with types; attrsOf (oneOf [str (attrsOf str)]);
default = {};
};
type = with types; str;
default = "";
});
in
{
options = {
passwordHashes = mkPasswordHashOptions [ "main" ];
};
}


@ -105,7 +105,7 @@ in
wireguard = {
enable = true;
interfaces."${doVPN}" =
config.magic_rb.secret.wireguard."${config.networking.hostName}"
config.magic_rb.secret.wireguard."${config.networking.hostName}" or {}
// {
listenPort = 6666;
privateKeyFile = "/var/secrets/${doVPN}.key";


@ -82,7 +82,7 @@
firewall.allowedTCPPorts = [22000];
wireguard.interfaces."wg0" =
{} // config.magic_rb.secret.wireguard."omen";
{} // config.magic_rb.secret.wireguard."omen" or { privateKey = ""; };
};
# System
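Review bot: The fallback `or { privateKey = ""; }` gives the `wg0` interface an empty private key, so a build made without secrets evaluates just like a real one and the problem presumably only shows up when the interface is brought up on the host. The same fallback is used for `wireguard."toothpick"` in the last file section. I would make the absence explicit, either by defining the interface only when the secret attribute exists or at least with a comment such as `# Placeholder key for evaluation only; this interface will not work without the secret input.` The leading `{} //` is redundant and could be dropped.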


@ -78,7 +78,7 @@ with lib;
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -o wg0 -j ACCEPT
'';
}
// config.magic_rb.secret.wireguard."toothpick";
// config.magic_rb.secret.wireguard."toothpick" or { privateKey = ""; };
};
defaultGateway = "64.225.96.1";