2020-04-27 05:39:00 +04:00
|
|
|
{ pkgs, config, lib, inputs, ... }:
|
2020-02-17 17:00:59 +04:00
|
|
|
with lib;
|
|
|
|
|
with types;
|
|
|
|
|
let
|
|
|
|
|
secret = description:
|
2020-04-29 03:18:36 +04:00
|
|
|
mkOption {
|
|
|
|
|
inherit description;
|
|
|
|
|
type = nullOr str;
|
|
|
|
|
};
|
2020-02-17 17:00:59 +04:00
|
|
|
mkCredOption = service: extra:
|
2020-04-29 03:18:36 +04:00
|
|
|
mkOption {
|
|
|
|
|
description = "Credentials for ${service}";
|
|
|
|
|
type = nullOr (submodule {
|
|
|
|
|
options = {
|
|
|
|
|
user = mkOption {
|
|
|
|
|
type = str;
|
|
|
|
|
description = "Username for ${service}";
|
|
|
|
|
};
|
|
|
|
|
password = mkOption {
|
|
|
|
|
type = str;
|
|
|
|
|
description = "Password for ${service}";
|
|
|
|
|
};
|
|
|
|
|
} // extra;
|
|
|
|
|
});
|
|
|
|
|
};
|
2020-02-17 17:00:59 +04:00
|
|
|
in rec {
|
|
|
|
|
options.secrets = {
|
2020-04-29 03:18:36 +04:00
|
|
|
slack-term = secret "slack token";
|
|
|
|
|
yt-utilities = mkOption {
|
|
|
|
|
description = "youtrack";
|
|
|
|
|
type = nullOr (submodule {
|
|
|
|
|
options = {
|
|
|
|
|
user = secret "youtrack user";
|
|
|
|
|
url = secret "youtrack url";
|
|
|
|
|
token = secret "youtrack token";
|
|
|
|
|
};
|
|
|
|
|
});
|
2020-02-17 17:00:59 +04:00
|
|
|
};
|
|
|
|
|
wage = secret "wage (sum CURRENCY/TIME, like 10EUR/h)";
|
2020-04-29 03:18:36 +04:00
|
|
|
gcal = mkOption {
|
|
|
|
|
description = "Google calendar auth";
|
|
|
|
|
type = nullOr (submodule {
|
|
|
|
|
options = {
|
|
|
|
|
email = mkOption { type = lib.types.str; };
|
|
|
|
|
client-id = mkOption { type = lib.types.str; };
|
|
|
|
|
client-secret = mkOption { type = lib.types.str; };
|
|
|
|
|
refresh-token = mkOption { type = lib.types.str; };
|
|
|
|
|
};
|
|
|
|
|
});
|
2020-02-17 17:00:59 +04:00
|
|
|
};
|
|
|
|
|
mail = mkCredOption "email" {
|
|
|
|
|
host = mkOption {
|
|
|
|
|
type = str;
|
|
|
|
|
description = "Mail server";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
gpmusic = mkCredOption "Google Play Music (mopidy)" {
|
|
|
|
|
deviceid = mkOption {
|
|
|
|
|
type = str;
|
|
|
|
|
description = "Android device ID";
|
|
|
|
|
};
|
|
|
|
|
};
|
2020-04-29 03:18:36 +04:00
|
|
|
openvpn = mkCredOption "openvpn" { };
|
2020-02-17 17:00:59 +04:00
|
|
|
rclone = mkOption {
|
|
|
|
|
type = nullOr str;
|
|
|
|
|
description = "Rclone config";
|
|
|
|
|
};
|
2020-04-29 03:18:36 +04:00
|
|
|
ssl = mkOption {
|
|
|
|
|
description = "Certs";
|
|
|
|
|
type = nullOr (submodule {
|
|
|
|
|
options = {
|
|
|
|
|
cert = mkOption {
|
|
|
|
|
type = nullOr str;
|
|
|
|
|
description = "SSL certificate";
|
|
|
|
|
};
|
|
|
|
|
priv = mkOption {
|
|
|
|
|
type = nullOr str;
|
|
|
|
|
description = "SSL RSA private key";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
});
|
2020-02-17 17:00:59 +04:00
|
|
|
};
|
|
|
|
|
matrix = mkCredOption "matrix" rec {
|
|
|
|
|
shared_secret = mkOption {
|
|
|
|
|
type = nullOr str;
|
|
|
|
|
description = "A shared secret for matrix instance";
|
|
|
|
|
};
|
|
|
|
|
mautrix-whatsapp = {
|
2020-04-29 03:18:36 +04:00
|
|
|
config = mkOption { type = attrs; };
|
|
|
|
|
registration = mkOption { type = attrs; };
|
2020-02-17 17:00:59 +04:00
|
|
|
};
|
|
|
|
|
mautrix-telegram = mautrix-whatsapp;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
config = let
|
2020-04-29 03:18:36 +04:00
|
|
|
unlocked = import (pkgs.runCommand "check-secret" { }
|
|
|
|
|
"set +e; grep -qI . ${../secret.nix}; echo $? > $out") == 0;
|
2020-04-27 05:41:54 +04:00
|
|
|
secretnix = import ../secret.nix;
|
2020-04-29 03:18:36 +04:00
|
|
|
secrets = if !unlocked || isNull secretnix then
|
|
|
|
|
builtins.trace "secret.nix locked, building without any secrets"
|
|
|
|
|
(mapAttrs (n: v: null) options.secrets)
|
2020-02-17 17:00:59 +04:00
|
|
|
else
|
|
|
|
|
secretnix;
|
|
|
|
|
in { inherit secrets; };
|
|
|
|
|
}
|
