From c61a73db3486c590fd822c3ffacc5072689ef700 Mon Sep 17 00:00:00 2001 From: Alexander Bantyev Date: Tue, 12 Jan 2021 15:13:03 +0300 Subject: [PATCH] MOOOOAAAAAR SECRETS --- modules/applications/yt-utilities.nix | 2 +- modules/secrets.nix | 11 ++++++++--- modules/workspace/gnome3/default.nix | 12 ++++++++---- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/modules/applications/yt-utilities.nix b/modules/applications/yt-utilities.nix index 7379740..9589a94 100644 --- a/modules/applications/yt-utilities.nix +++ b/modules/applications/yt-utilities.nix @@ -3,7 +3,7 @@ home.activation.yt-config = "$DRY_RUN_CMD ln -sf $VERBOSE_ARG ${config.secrets-envsubst.yt} $HOME/.yt.yaml"; }; secrets-envsubst.yt = { - secrets = [ "user" "template" ]; + secrets = [ "user" "token" ]; owner = "balsoft:users"; template = builtins.toJSON { yt-token = "$user"; diff --git a/modules/secrets.nix b/modules/secrets.nix index 3ccff11..78fb2a8 100755 --- a/modules/secrets.nix +++ b/modules/secrets.nix @@ -93,6 +93,12 @@ let }); mkServices = name: cfg: [ (decrypt name cfg) (addDependencies name cfg) ]; + + allServices = toString + (map (name: "${name}-envsubst.service") + (builtins.attrNames config.secrets-envsubst) + ++ map (name: "${name}-secrets.service") + (builtins.attrNames config.secrets)); in { options.secrets = lib.mkOption { type = attrsOf (submodule secret); }; config.systemd.services = 
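Review bot: The secrets list in `secrets-envsubst.yt` now declares `token`, but the only template line visible in this hunk is `yt-token = "$user";`, so the token value does not appear to reach the field named for it. The rest of the template lies outside the hunk. If no later line references `$token`, the secret is decrypted for this unit without being used, and `yt-token` probably wants `"$token"`.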
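Review bot: `allServices` puts attribute names unquoted into two strings that are parsed differently, and nothing restricts what a name may contain. The two uses are the shell line `sudo systemctl restart ${allServices}` and the sudoers `command` string, both in the next hunk of this file. A name containing whitespace or shell/sudoers metacharacters would change what the script runs or what the NOPASSWD rule permits, so I would state the constraint next to the binding, e.g. `# names are interpolated unquoted into a shell script and a sudoers rule: keep them to [A-Za-z0-9_-]`, or enforce it with an assertion. When both attribute sets are empty the string is empty and the script runs `systemctl restart` with no unit. The `let` block starts outside the hunk.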
@@ -113,15 +119,14 @@ in { pkgs.writeShellScript "push" "${pkgs.git}/bin/git push origin master" } "$HOME/.password-store/.git/hooks/post-commit" cat $HOME/.password-store/email/balsoft@balsoft.ru.gpg | ${pkgs.gnupg}/bin/gpg --decrypt > /dev/null - sudo systemctl start --all '*-secrets.service' '*-envsubst.service' + sudo systemctl restart ${allServices} '') ]; config.security.sudo.extraRules = [{ users = [ "balsoft" ]; commands = [{ - command = - "/run/current-system/sw/bin/systemctl start --all '*-secrets.service' '*-envsubst.service'"; + command = "/run/current-system/sw/bin/systemctl restart ${allServices}"; options = [ "NOPASSWD" ]; }]; }]; diff --git a/modules/workspace/gnome3/default.nix b/modules/workspace/gnome3/default.nix index 44e365b..26238bf 100644 --- a/modules/workspace/gnome3/default.nix +++ b/modules/workspace/gnome3/default.nix 
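Review bot: The script calls `sudo systemctl restart ${allServices}` by bare name while the NOPASSWD rule pins `/run/current-system/sw/bin/systemctl`, so the rule applies only when sudo resolves `systemctl` to exactly that path. Using the same absolute path in the script, `sudo /run/current-system/sw/bin/systemctl restart ${allServices}`, keeps the two strings in step. Otherwise a different PATH resolution would fall back to a password prompt, which presumably stalls or fails if this script runs non-interactively. The enclosing script starts outside the hunk.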
@@ -2,24 +2,28 @@ services.gnome3 = { core-os-services.enable = true; core-utilities.enable = true; + evolution-data-server.enable = true; sushi.enable = true; tracker.enable = true; tracker-miners.enable = true; gnome-settings-daemon.enable = true; glib-networking.enable = true; + gnome-keyring.enable = true; + gnome-online-accounts.enable = true; + gnome-online-miners.enable = true; }; services.gvfs.enable = true; services.geoclue2.enable = true; home-manager.users.balsoft = { xdg.userDirs.enable = true; home.activation.gnome = '' - $DRY_RUN_CMD mkdir -p "$XDG_DATA_HOME/keyrings/Default_keyring" - $DRY_RUN_CMD cp -f ${config.secrets-envsubst.gnome-keyring} "$XDG_DATA_HOME/keyrings/Default_keyring.keyring" + $DRY_RUN_CMD mkdir -p "$XDG_DATA_HOME/keyrings" + $DRY_RUN_CMD ln -sf ${config.secrets-envsubst.gnome-keyring} "$XDG_DATA_HOME/keyrings/Default_keyring.keyring" echo "Default_keyring" > "$XDG_DATA_HOME/keyrings/default" $DRY_RUN_CMD mkdir -p "$XDG_CONFIG_HOME/goa-1.0" - $DRY_RUN_CMD cp -f ${./accounts.conf} "$XDG_CONFIG_HOME/goa-1.0/accounts.conf" + $DRY_RUN_CMD ln -sf ${./accounts.conf} "$XDG_CONFIG_HOME/goa-1.0/accounts.conf" $DRY_RUN_CMD mkdir -p "$XDG_CONFIG_HOME/evolution/sources" - $DRY_RUN_CMD cp -f ${./nextcloud.source} "$XDG_CONFIG_HOME/evolution/sources/nextcloud.source" + $DRY_RUN_CMD ln -sf ${./nextcloud.source} "$XDG_CONFIG_HOME/evolution/sources/nextcloud.source" ''; dconf.settings = {
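Review bot: `Default_keyring.keyring`, `accounts.conf` and `nextcloud.source` become symlinks in the same hunk that enables `gnome-keyring`, `gnome-online-accounts` and `evolution-data-server`, services that (as far as I know) write to these files. The two `${./…}` targets live in the Nix store, which is read-only and world-readable. A save by the keyring daemon may either fail or replace the link with a regular file, leaving a second decrypted copy under `$XDG_DATA_HOME/keyrings`. The keyring link presumably dangles until the corresponding envsubst unit has run, and that secret's `owner` is not visible here. I would add a comment above the `ln -sf` lines, such as `# managed declaratively: targets are read-only, changes made in the GNOME UI are not persisted`, and confirm the keyring target is readable by `balsoft` only.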