balsoft/nixos-config
1
0
Fork 0
Code Issues Releases Wiki Activity

MOOOOAAAAAR SECRETS

Browse Source
This commit is contained in:
Alexander Bantyev 2021-01-12 15:13:03 +03:00
parent 327c201061
commit c61a73db34
Signed by: balsoft
GPG Key ID: E081FF12ADCB4AD5
3 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/applications/yt-utilities.nix
View File

@ -3,7 +3,7 @@
home.activation.yt-config = "$DRY_RUN_CMD ln -sf $VERBOSE_ARG ${config.secrets-envsubst.yt} $HOME/.yt.yaml";
};
secrets-envsubst.yt = {
secrets = [ "user" "template" ];
secrets = [ "user" "token" ];
owner = "balsoft:users";
template = builtins.toJSON {
yt-token = "$user";

11
modules/secrets.nix
View File

@ -93,6 +93,12 @@ let
});
mkServices = name: cfg: [ (decrypt name cfg) (addDependencies name cfg) ];
allServices = toString
(map (name: "${name}-envsubst.service")
(builtins.attrNames config.secrets-envsubst)
++ map (name: "${name}-secrets.service")
(builtins.attrNames config.secrets));
in {
options.secrets = lib.mkOption { type = attrsOf (submodule secret); };
config.systemd.services =
@ -113,15 +119,14 @@ in {
pkgs.writeShellScript "push" "${pkgs.git}/bin/git push origin master"
} "$HOME/.password-store/.git/hooks/post-commit"
cat $HOME/.password-store/email/balsoft@balsoft.ru.gpg | ${pkgs.gnupg}/bin/gpg --decrypt > /dev/null
sudo systemctl start --all '*-secrets.service' '*-envsubst.service'
sudo systemctl restart ${allServices}
'')
];
config.security.sudo.extraRules = [{
users = [ "balsoft" ];
commands = [{
command =
"/run/current-system/sw/bin/systemctl start --all '*-secrets.service' '*-envsubst.service'";
command = "/run/current-system/sw/bin/systemctl restart ${allServices}";
options = [ "NOPASSWD" ];
}];
}];

12
modules/workspace/gnome3/default.nix
View File

@ -2,24 +2,28 @@
services.gnome3 = {
core-os-services.enable = true;
core-utilities.enable = true;
evolution-data-server.enable = true;
sushi.enable = true;
tracker.enable = true;
tracker-miners.enable = true;
gnome-settings-daemon.enable = true;
glib-networking.enable = true;
gnome-keyring.enable = true;
gnome-online-accounts.enable = true;
gnome-online-miners.enable = true;
};
services.gvfs.enable = true;
services.geoclue2.enable = true;
home-manager.users.balsoft = {
xdg.userDirs.enable = true;
home.activation.gnome = ''
$DRY_RUN_CMD mkdir -p "$XDG_DATA_HOME/keyrings/Default_keyring"
$DRY_RUN_CMD cp -f ${config.secrets-envsubst.gnome-keyring} "$XDG_DATA_HOME/keyrings/Default_keyring.keyring"
$DRY_RUN_CMD mkdir -p "$XDG_DATA_HOME/keyrings"
$DRY_RUN_CMD ln -sf ${config.secrets-envsubst.gnome-keyring} "$XDG_DATA_HOME/keyrings/Default_keyring.keyring"
echo "Default_keyring" > "$XDG_DATA_HOME/keyrings/default"
$DRY_RUN_CMD mkdir -p "$XDG_CONFIG_HOME/goa-1.0"
$DRY_RUN_CMD cp -f ${./accounts.conf} "$XDG_CONFIG_HOME/goa-1.0/accounts.conf"
$DRY_RUN_CMD ln -sf ${./accounts.conf} "$XDG_CONFIG_HOME/goa-1.0/accounts.conf"
$DRY_RUN_CMD mkdir -p "$XDG_CONFIG_HOME/evolution/sources"
$DRY_RUN_CMD cp -f ${./nextcloud.source} "$XDG_CONFIG_HOME/evolution/sources/nextcloud.source"
$DRY_RUN_CMD ln -sf ${./nextcloud.source} "$XDG_CONFIG_HOME/evolution/sources/nextcloud.source"
'';
dconf.settings = {