diff --git a/modules/applications/sylpheed.nix b/modules/applications/sylpheed.nix index 9eccda3..7ba6d15 100644 --- a/modules/applications/sylpheed.nix +++ b/modules/applications/sylpheed.nix @@ -19,7 +19,7 @@ nntp_server= use_nntp_auth=0 user_id=balsoft@balsoft.ru - password=${config.secrets.mail.password} + password=${config.secrets.mail.password or ""} inbox=inbox use_apop_auth=0 remove_mail=1 diff --git a/modules/applications/weechat.nix b/modules/applications/weechat.nix index fb763e4..1a009a0 100644 --- a/modules/applications/weechat.nix +++ b/modules/applications/weechat.nix @@ -1,4 +1,4 @@ -{ pkgs, config, inputs, ... }: +{ pkgs, lib, config, inputs, ... }: let weechat = pkgs.weechat.override { configure = { availablePlugins, ... }: { 
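Review bot: The mail password is still interpolated into a Nix string on the `password=` line, so an unlocked build evaluates it into the generated account file. If that text is written through `home.file.<name>.text` (the destination is outside this hunk), the file ends up in the world-readable /nix/store. The same pattern is on the new side for `python.slack.slack_api_token` in weechat.nix, `.yt.yaml` in yt-utilities.nix, `.gcalcli_oauth.home` in gcalcli.nix and `rclone/rclone.conf.home` in rclone.nix. The `or ""` fallback only covers the locked case and does not change where the unlocked value lands. Consider pointing these files at a path outside the store that is populated at activation time, and at minimum add a comment such as `# NOTE: copied into /nix/store in plaintext when secret.nix is unlocked`.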
@@ -17,56 +17,43 @@ in { "${inputs.weechat-scripts}/python/go.py"; home.file.".weechat/plugins.conf".text = '' - [var] - lua.matrix.autojoin_on_invite = "on" - lua.matrix.backlog_lines = "120" - lua.matrix.debug = "off" - lua.matrix.encrypted_message_color = "lightgreen" - lua.matrix.homeserver_url = "https://matrix.balsoft.ru/" - lua.matrix.local_echo = "on" - lua.matrix.nick_style = "nick" - lua.matrix.password = "${config.secrets.matrix.password}" - lua.matrix.presence_filter = "on" - lua.matrix.read_receipts = "on" - lua.matrix.timeout = "20" - lua.matrix.typing_notices = "on" - lua.matrix.user = "${config.secrets.matrix.user}" - python.slack.auto_open_threads = "true" - python.slack.background_load_all_history = "true" - python.slack.channel_name_typing_indicator = "true" - python.slack.color_buflist_muted_channels = "darkgray" - python.slack.color_edited_suffix = "095" - python.slack.color_reaction_suffix = "darkgray" - python.slack.color_thread_suffix = "lightcyan" - python.slack.colorize_private_chats = "false" - python.slack.debug_level = "3" - python.slack.debug_mode = "false" - python.slack.distracting_channels = "" - python.slack.external_user_suffix = "*" - python.slack.files_download_location = "/home/balsoft/Downloads/slack" - python.slack.group_name_prefix = "&" - python.slack.map_underline_to = "_" - python.slack.migrated = "true" - python.slack.muted_channels_activity = "personal_highlights" - python.slack.never_away = "false" - python.slack.notify_usergroup_handle_updated = "false" - python.slack.record_events = "false" - python.slack.render_bold_as = "bold" - python.slack.render_italic_as = "italic" - python.slack.send_typing_notice = "true" - python.slack.server_aliases = "" - python.slack.shared_name_prefix = "%" - python.slack.short_buffer_names = "false" - python.slack.show_buflist_presence = "true" - python.slack.show_reaction_nicks = "true" - python.slack.slack_api_token = "${config.secrets.slack-term}" - python.slack.slack_timeout = 
"20000" - python.slack.switch_buffer_on_join = "true" - python.slack.thread_messages_in_channel = "false" - python.slack.unfurl_auto_link_display = "both" - python.slack.unfurl_ignore_alt_text = "false" - python.slack.unhide_buffers_with_activity = "false" - ''; + [var] + python.slack.auto_open_threads = "true" + python.slack.background_load_all_history = "true" + python.slack.channel_name_typing_indicator = "true" + python.slack.color_buflist_muted_channels = "darkgray" + python.slack.color_edited_suffix = "095" + python.slack.color_reaction_suffix = "darkgray" + python.slack.color_thread_suffix = "lightcyan" + python.slack.colorize_private_chats = "false" + python.slack.debug_level = "3" + python.slack.debug_mode = "false" + python.slack.distracting_channels = "" + python.slack.external_user_suffix = "*" + python.slack.files_download_location = "/home/balsoft/Downloads/slack" + python.slack.group_name_prefix = "&" + python.slack.map_underline_to = "_" + python.slack.migrated = "true" + python.slack.muted_channels_activity = "personal_highlights" + python.slack.never_away = "false" + python.slack.notify_usergroup_handle_updated = "false" + python.slack.record_events = "false" + python.slack.render_bold_as = "bold" + python.slack.render_italic_as = "italic" + python.slack.send_typing_notice = "true" + python.slack.server_aliases = "" + python.slack.shared_name_prefix = "%" + python.slack.short_buffer_names = "false" + python.slack.show_buflist_presence = "true" + python.slack.show_reaction_nicks = "true" + python.slack.slack_api_token = "${if isNull config.secrets.slack-term then "" else config.secrets.slack-term}" + python.slack.slack_timeout = "20000" + python.slack.switch_buffer_on_join = "true" + python.slack.thread_messages_in_channel = "false" + python.slack.unfurl_auto_link_display = "both" + python.slack.unfurl_ignore_alt_text = "false" + python.slack.unhide_buffers_with_activity = "false" + ''; home.file.".weechat/weechat.conf".text = '' # 
diff --git a/modules/applications/yt-utilities.nix b/modules/applications/yt-utilities.nix index cf127f4..07d279e 100644 --- a/modules/applications/yt-utilities.nix +++ b/modules/applications/yt-utilities.nix @@ -1,5 +1,5 @@ -{ pkgs, config, lib, ... }: { - home-manager.users.balsoft = lib.mkIf (config.deviceSpecific.goodMachine) { +{ pkgs, config, lib, ... }: lib.mkIf (! isNull config.secrets.yt-utilities) { + home-manager.users.balsoft = { home.file.".yt.yaml".text = builtins.toJSON { yt-token = config.secrets.yt-utilities.token; user = config.secrets.yt-utilities.user; @@ -10,6 +10,5 @@ since = "1997-11-19"; severity = "Info"; }; - # home.packages = [ pkgs.yt-utilities ]; }; } diff --git a/modules/mailserver.nix b/modules/mailserver.nix index f6f58e2..8c8876a 100644 --- a/modules/mailserver.nix +++ b/modules/mailserver.nix @@ -66,12 +66,14 @@ in { ]; dnsBlacklistOverrides = '' balsoft.ru OK - ${builtins.concatStringsSep " OK \n" (builtins.attrNames config.devices)} OK + ${ + builtins.concatStringsSep " OK \n" (builtins.attrNames config.devices) + } OK 192.168.0.0/16 OK ''; }; - mailserver = { - enable = ! isNull config.secrets.mail.host; + mailserver = lib.mkIf (! isNull config.secrets.mail) { + enable = true; fqdn = config.secrets.mail.host; domains = [ config.secrets.mail.host ]; loginAccounts = { diff --git a/modules/matrix-synapse.nix b/modules/matrix-synapse.nix index a5ef2f5..fb8f967 100644 --- a/modules/matrix-synapse.nix +++ b/modules/matrix-synapse.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, ... }: { +{ pkgs, config, lib, ... }: lib.mkIf (! isNull config.secrets.matrix) { services.matrix-synapse = { enable = true; allow_guest_access = true; diff --git a/modules/openvpn.nix b/modules/openvpn.nix index cb6e7c2..3c0b712 100644 --- a/modules/openvpn.nix +++ b/modules/openvpn.nix @@ -1,5 +1,5 @@ { pkgs, config, lib, ... }: -{ +lib.mkIf (! isNull config.secrets.openvpn) { services.openvpn = { servers = { client = { 
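Review bot: A non-null `config.secrets.yt-utilities` does not guarantee a usable token. In modules/secrets.nix `user`, `url` and `token` are each declared with `secret`, i.e. `nullOr str`, so `.yt.yaml` can still be generated with `"yt-token": null`. The guard also drops the old `config.deviceSpecific.goodMachine` condition, which may or may not be intended. If the sub-fields are meant to be mandatory, declaring them as `str` inside the submodule would let the module system reject a partial entry. The attribute set passed to `builtins.toJSON` continues past the end of the first hunk.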
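Review bot: `enable = true` in modules/mailserver.nix is now gated on `config.secrets.mail` being non-null, whereas the removed line tested `config.secrets.mail.host`. The declaration of `host` in modules/secrets.nix falls between the visible hunks, so its type cannot be confirmed here. If it is nullable, a mail entry without a host now enables the server with `fqdn = null` and `domains = [ null ]`. If that case is possible, keep both checks: `lib.mkIf (config.secrets.mail != null && config.secrets.mail.host != null) {`. The `mailserver` attribute set continues past the end of the hunk.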
diff --git a/modules/secrets.nix b/modules/secrets.nix
index b63b90a..de263d7 100755
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -3,47 +3,52 @@ with lib; with types; let secret = description: - mkOption { - inherit description; - type = nullOr str; - }; + mkOption { + inherit description; + type = nullOr str; + }; mkCredOption = service: extra: - mkOption { - description = "Credentials for ${service}"; - type = nullOr (submodule { - options = { - user = mkOption { - type = str; - description = "Username for ${service}"; - }; - password = mkOption { - type = str; - description = "Password for ${service}"; - }; - } // extra; - }); - }; + mkOption { + description = "Credentials for ${service}"; + type = nullOr (submodule { + options = { + user = mkOption { + type = str; + description = "Username for ${service}"; + }; + password = mkOption { + type = str; + description = "Password for ${service}"; + }; + } // extra; + }); + }; in rec { options.secrets = { owm-key = secret "OpenWeatherMap key"; irc = mkCredOption "IRC (konversation)" { }; - slack-term = mkOption { type = str; }; - yt-utilities = { - user = secret "youtrack user"; - url = secret "youtrack url"; - token = secret "youtrack token"; - source = { - url = secret "A url to yt-utilities source"; - rev = secret "revision"; - sha256 = secret "sha256"; - }; + slack-term = secret "slack token"; + yt-utilities = mkOption { + description = "youtrack"; + type = nullOr (submodule { + options = { + user = secret "youtrack user"; + url = secret "youtrack url"; + token = secret "youtrack token"; + }; + }); }; wage = secret "wage (sum CURRENCY/TIME, like 10EUR/h)"; - gcal = { - email = mkOption { type = lib.types.str; }; - client-id = mkOption { type = lib.types.str; }; - client-secret = mkOption { type = lib.types.str; }; - refresh-token = mkOption { type = lib.types.str; }; + gcal = mkOption { + description = "Google calendar auth"; + type = nullOr (submodule { + options = { + email = mkOption { type = lib.types.str; }; + client-id = mkOption { type = lib.types.str; }; + client-secret = mkOption { type = lib.types.str; }; + refresh-token = 
mkOption { type = lib.types.str; }; + }; + }); }; mail = mkCredOption "email" { host = mkOption { @@ -57,20 +62,25 @@ in rec { description = "Android device ID"; }; }; - openvpn = mkCredOption "openvpn" {}; + openvpn = mkCredOption "openvpn" { }; rclone = mkOption { type = nullOr str; description = "Rclone config"; }; - ssl = rec { - cert = mkOption { - type = nullOr str; - description = "SSL certificate"; - }; - priv = mkOption { - type = nullOr str; - description = "SSL RSA private key"; - }; + ssl = mkOption { + description = "Certs"; + type = nullOr (submodule { + options = { + cert = mkOption { + type = nullOr str; + description = "SSL certificate"; + }; + priv = mkOption { + type = nullOr str; + description = "SSL RSA private key"; + }; + }; + }); }; matrix = mkCredOption "matrix" rec { shared_secret = mkOption { @@ -78,21 +88,19 @@ in rec { description = "A shared secret for matrix instance"; }; mautrix-whatsapp = { - config = mkOption { - type = attrs; - }; - registration = mkOption { - type = attrs; - }; + config = mkOption { type = attrs; }; + registration = mkOption { type = attrs; }; }; mautrix-telegram = mautrix-whatsapp; }; }; config = let - unlocked = import (pkgs.runCommand "check-secret" {} "set +e; grep -qI . ${../secret.nix}; echo $? > $out") == 0; + unlocked = import (pkgs.runCommand "check-secret" { } + "set +e; grep -qI . ${../secret.nix}; echo $? > $out") == 0; secretnix = import ../secret.nix; - secrets = if ! unlocked || isNull secretnix then - mapAttrs (n: v: null) options.secrets + secrets = if !unlocked || isNull secretnix then + builtins.trace "secret.nix locked, building without any secrets" + (mapAttrs (n: v: null) options.secrets) else secretnix; in { inherit secrets; }; diff --git a/modules/workspace/gcalcli.nix b/modules/workspace/gcalcli.nix index 8d7aa55..bd44696 100644 --- a/modules/workspace/gcalcli.nix +++ b/modules/workspace/gcalcli.nix 
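Review bot: A locked checkout now evaluates successfully with every secret set to null, and the only signal is `builtins.trace` in the `secrets =` binding, which prints to stderr at evaluation time and is easy to miss in a deploy log. Combined with the new `lib.mkIf` guards in mailserver.nix, matrix-synapse.nix and openvpn.nix, such a build silently drops those services (including the VPN client) instead of failing. Consider surfacing it through the module system, e.g. `warnings = lib.optional (!unlocked) "secret.nix locked, building without any secrets";`, or an assertion on hosts that must never be built locked. Separately, `${../secret.nix}` inside the `runCommand` script copies the file into the Nix store, so an unlocked secret.nix is stored there in plaintext.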
@@ -1,5 +1,5 @@ { pkgs, lib, config, ... }: { - home-manager.users.balsoft = { + home-manager.users.balsoft = lib.mkIf (! isNull config.secrets.gcal) { home.file.".gcalcli_oauth.home".text = lib.optionals (!(isNull config.secrets.gcal)) (builtins.toJSON { access_token = ""; diff --git a/modules/workspace/i3blocks/default.nix b/modules/workspace/i3blocks/default.nix index d4430fb..511dcb1 100644 --- a/modules/workspace/i3blocks/default.nix +++ b/modules/workspace/i3blocks/default.nix @@ -36,21 +36,18 @@ in { in '' interval=60 markup=pango - '' + genIniOrdered (optional (config.secrets ? mail) (scr "email") ++ [ - (scrint "weather" 600) - (scr "calendar") - (scr "emacs") - (scrint "youtrack-wage" 3600) - (scrint "music" 10) - (scrint "sound" 5) - ] ++ [ - (scrint "cpu" 5) - (scrint "freq" 10) - (scr "temperature") - (scrint "free" 10) - ] ++ optionals config.deviceSpecific.isLaptop [ - (scr "battery") - (scrint "brightness" 5) - ] ++ optional (config.deviceSpecific.devInfo ? bigScreen) (scrint "network" 1) + '' + genIniOrdered (optional (!isNull config.secrets.mail) (scr "email") + ++ [ (scrint "weather" 600) (scr "calendar") (scr "emacs") ] + ++ optional (!isNull config.secrets.wage) (scrint "youtrack-wage" 3600) + ++ [ (scrint "music" 10) (scrint "sound" 5) ] ++ [ + (scrint "cpu" 5) + (scrint "freq" 10) + (scr "temperature") + (scrint "free" 10) + ] ++ optionals config.deviceSpecific.isLaptop [ + (scr "battery") + (scrint "brightness" 5) + ] + ++ optional (config.deviceSpecific.devInfo ? bigScreen) (scrint "network" 1) ++ [ (scrint "connections" 10) (scr "df") (scr "date") (scrint "time" 1) ]); } diff --git a/modules/workspace/rclone.nix b/modules/workspace/rclone.nix index 9362d95..1c1fa51 100644 --- a/modules/workspace/rclone.nix +++ b/modules/workspace/rclone.nix 
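Review bot: With the new outer `lib.mkIf (! isNull config.secrets.gcal)` in gcalcli.nix, the inner `lib.optionals (!(isNull config.secrets.gcal))` wrapper around `builtins.toJSON` is dead code. It was also a poor fit, since `lib.optionals` yields `[]` when the condition is false, which is not a string for a `text` option. The line can become `home.file.".gcalcli_oauth.home".text = builtins.toJSON {`, with the matching closing parenthesis removed further down. The attribute set continues past the end of this hunk. The Nix manual describes `isNull e` as equivalent to `e == null`, so `config.secrets.gcal != null` is the more common spelling.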
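Review bot: In i3blocks/default.nix only the `email` and `youtrack-wage` blocks are gated on their secrets. `weather` and `calendar` stay unconditional although `owm-key` and `gcal` are nulled in the same locked build. Whether those scripts read the secrets is not visible in this diff, so this is a question rather than a confirmed defect. If they do, the same guard applies, e.g. `++ optional (!isNull config.secrets.owm-key) (scrint "weather" 600)`. Likewise `youtrack-wage` may need `config.secrets.yt-utilities` in addition to `wage`.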
@@ -1,5 +1,5 @@ { pkgs, config, lib, ... }: { - home-manager.users.balsoft = { + home-manager.users.balsoft = lib.mkIf (!isNull config.secrets.rclone) { xdg.configFile."rclone/rclone.conf.home".text = config.secrets.rclone; home.activation."rclone" = { after = [ "linkGeneration" ]; @@ -16,15 +16,15 @@ xsession.windowManager.i3.config.startup = [ { command = - "${pkgs.rclone}/bin/rclone mount google:/ '/home/balsoft/cloud/Google Drive' --daemon"; + "${pkgs.rclone}/bin/rclone mount google:/ '/home/balsoft/cloud/Google Drive' --daemon"; } { command = - "${pkgs.rclone}/bin/rclone mount Yandex:/ '/home/balsoft/cloud/Yandex Disk' --daemon"; + "${pkgs.rclone}/bin/rclone mount Yandex:/ '/home/balsoft/cloud/Yandex Disk' --daemon"; } { command = - "${pkgs.rclone}/bin/rclone mount Dropbox:/ '/home/balsoft/cloud/Dropbox' --daemon"; + "${pkgs.rclone}/bin/rclone mount Dropbox:/ '/home/balsoft/cloud/Dropbox' --daemon"; } ]; }; diff --git a/secret.nix b/secret.nix index 274dfff..81eaf4c 100644 Binary files a/secret.nix and b/secret.nix differ