secret.nix update

modules/applications/sylpheed.nix

@@ -19,7 +19,7 @@
       nntp_server=
       use_nntp_auth=0
       user_id=balsoft@balsoft.ru
-      password=${config.secrets.mail.password}
+      password=${config.secrets.mail.password or ""}
       inbox=inbox
       use_apop_auth=0
       remove_mail=1

modules/applications/weechat.nix

@@ -1,4 +1,4 @@
-{ pkgs, config, inputs, ... }:
+{ pkgs, lib, config, inputs, ... }:
 let
   weechat = pkgs.weechat.override {
     configure = { availablePlugins, ... }: {
@@ -17,56 +17,43 @@ in {
       "${inputs.weechat-scripts}/python/go.py";
 
     home.file.".weechat/plugins.conf".text = ''
-      [var]
+        [var]
-      lua.matrix.autojoin_on_invite = "on"
+        python.slack.auto_open_threads = "true"
-      lua.matrix.backlog_lines = "120"
+        python.slack.background_load_all_history = "true"
-      lua.matrix.debug = "off"
+        python.slack.channel_name_typing_indicator = "true"
-      lua.matrix.encrypted_message_color = "lightgreen"
+        python.slack.color_buflist_muted_channels = "darkgray"
-      lua.matrix.homeserver_url = "https://matrix.balsoft.ru/"
+        python.slack.color_edited_suffix = "095"
-      lua.matrix.local_echo = "on"
+        python.slack.color_reaction_suffix = "darkgray"
-      lua.matrix.nick_style = "nick"
+        python.slack.color_thread_suffix = "lightcyan"
-      lua.matrix.password = "${config.secrets.matrix.password}"
+        python.slack.colorize_private_chats = "false"
-      lua.matrix.presence_filter = "on"
+        python.slack.debug_level = "3"
-      lua.matrix.read_receipts = "on"
+        python.slack.debug_mode = "false"
-      lua.matrix.timeout = "20"
+        python.slack.distracting_channels = ""
-      lua.matrix.typing_notices = "on"
+        python.slack.external_user_suffix = "*"
-      lua.matrix.user = "${config.secrets.matrix.user}"
+        python.slack.files_download_location = "/home/balsoft/Downloads/slack"
-      python.slack.auto_open_threads = "true"
+        python.slack.group_name_prefix = "&"
-      python.slack.background_load_all_history = "true"
+        python.slack.map_underline_to = "_"
-      python.slack.channel_name_typing_indicator = "true"
+        python.slack.migrated = "true"
-      python.slack.color_buflist_muted_channels = "darkgray"
+        python.slack.muted_channels_activity = "personal_highlights"
-      python.slack.color_edited_suffix = "095"
+        python.slack.never_away = "false"
-      python.slack.color_reaction_suffix = "darkgray"
+        python.slack.notify_usergroup_handle_updated = "false"
-      python.slack.color_thread_suffix = "lightcyan"
+        python.slack.record_events = "false"
-      python.slack.colorize_private_chats = "false"
+        python.slack.render_bold_as = "bold"
-      python.slack.debug_level = "3"
+        python.slack.render_italic_as = "italic"
-      python.slack.debug_mode = "false"
+        python.slack.send_typing_notice = "true"
-      python.slack.distracting_channels = ""
+        python.slack.server_aliases = ""
-      python.slack.external_user_suffix = "*"
+        python.slack.shared_name_prefix = "%"
-      python.slack.files_download_location = "/home/balsoft/Downloads/slack"
+        python.slack.short_buffer_names = "false"
-      python.slack.group_name_prefix = "&"
+        python.slack.show_buflist_presence = "true"
-      python.slack.map_underline_to = "_"
+        python.slack.show_reaction_nicks = "true"
-      python.slack.migrated = "true"
+        python.slack.slack_api_token = "${if isNull config.secrets.slack-term then "" else config.secrets.slack-term}"
-      python.slack.muted_channels_activity = "personal_highlights"
+        python.slack.slack_timeout = "20000"
-      python.slack.never_away = "false"
+        python.slack.switch_buffer_on_join = "true"
-      python.slack.notify_usergroup_handle_updated = "false"
+        python.slack.thread_messages_in_channel = "false"
-      python.slack.record_events = "false"
+        python.slack.unfurl_auto_link_display = "both"
-      python.slack.render_bold_as = "bold"
+        python.slack.unfurl_ignore_alt_text = "false"
-      python.slack.render_italic_as = "italic"
+        python.slack.unhide_buffers_with_activity = "false"
-      python.slack.send_typing_notice = "true"
+      '';
-      python.slack.server_aliases = ""
-      python.slack.shared_name_prefix = "%"
-      python.slack.short_buffer_names = "false"
-      python.slack.show_buflist_presence = "true"
-      python.slack.show_reaction_nicks = "true"
-      python.slack.slack_api_token = "${config.secrets.slack-term}"
-      python.slack.slack_timeout = "20000"
-      python.slack.switch_buffer_on_join = "true"
-      python.slack.thread_messages_in_channel = "false"
-      python.slack.unfurl_auto_link_display = "both"
-      python.slack.unfurl_ignore_alt_text = "false"
-      python.slack.unhide_buffers_with_activity = "false"
-    '';
 
     home.file.".weechat/weechat.conf".text = ''
       #

modules/applications/yt-utilities.nix

@@ -1,5 +1,5 @@
-{ pkgs, config, lib, ... }: {
+{ pkgs, config, lib, ... }: lib.mkIf (! isNull config.secrets.yt-utilities) {
-  home-manager.users.balsoft = lib.mkIf (config.deviceSpecific.goodMachine) {
+  home-manager.users.balsoft =  {
     home.file.".yt.yaml".text = builtins.toJSON {
       yt-token = config.secrets.yt-utilities.token;
       user = config.secrets.yt-utilities.user;
@@ -10,6 +10,5 @@
       since = "1997-11-19";
       severity = "Info";
     };
-    # home.packages = [ pkgs.yt-utilities ];
   };
 }

modules/mailserver.nix

@@ -66,12 +66,14 @@ in {
     ];
     dnsBlacklistOverrides = ''
       balsoft.ru OK
-      ${builtins.concatStringsSep " OK \n" (builtins.attrNames config.devices)} OK
+      ${
+        builtins.concatStringsSep " OK \n" (builtins.attrNames config.devices)
+      } OK
       192.168.0.0/16 OK
     '';
   };
-  mailserver = {
+  mailserver = lib.mkIf (! isNull config.secrets.mail) {
-    enable = ! isNull config.secrets.mail.host;
+    enable = true;
     fqdn = config.secrets.mail.host;
     domains = [ config.secrets.mail.host ];
     loginAccounts = {

modules/matrix-synapse.nix

@@ -1,4 +1,4 @@
-{ pkgs, config, lib, ... }: {
+{ pkgs, config, lib, ... }: lib.mkIf (! isNull config.secrets.matrix) {
   services.matrix-synapse = {
     enable = true;
     allow_guest_access = true;

modules/openvpn.nix

@@ -1,5 +1,5 @@
 { pkgs, config, lib, ... }:
-{
+lib.mkIf (! isNull config.secrets.openvpn) {
   services.openvpn = {
     servers = {
       client = {

modules/secrets.nix

@@ -3,47 +3,52 @@ with lib;
 with types;
 let
   secret = description:
-  mkOption {
+    mkOption {
-    inherit description;
+      inherit description;
-    type = nullOr str;
+      type = nullOr str;
-  };
+    };
   mkCredOption = service: extra:
-  mkOption {
+    mkOption {
-    description = "Credentials for ${service}";
+      description = "Credentials for ${service}";
-    type = nullOr (submodule {
+      type = nullOr (submodule {
-      options = {
+        options = {
-        user = mkOption {
+          user = mkOption {
-          type = str;
+            type = str;
-          description = "Username for ${service}";
+            description = "Username for ${service}";
-        };
+          };
-        password = mkOption {
+          password = mkOption {
-          type = str;
+            type = str;
-          description = "Password for ${service}";
+            description = "Password for ${service}";
-        };
+          };
-      } // extra;
+        } // extra;
-    });
+      });
-  };
+    };
 in rec {
   options.secrets = {
     owm-key = secret "OpenWeatherMap key";
     irc = mkCredOption "IRC (konversation)" { };
-    slack-term = mkOption { type = str; };
+    slack-term = secret "slack token";
-    yt-utilities = {
+    yt-utilities = mkOption {
-      user = secret "youtrack user";
+      description = "youtrack";
-      url = secret "youtrack url";
+      type = nullOr (submodule {
-      token =  secret "youtrack token";
+        options = {
-      source = {
+          user = secret "youtrack user";
-        url = secret "A url to yt-utilities source";
+          url = secret "youtrack url";
-        rev = secret "revision";
+          token = secret "youtrack token";
-        sha256 = secret "sha256";
+        };
-      };
+      });
     };
     wage = secret "wage (sum CURRENCY/TIME, like 10EUR/h)";
-    gcal = {
+    gcal = mkOption {
-      email = mkOption { type = lib.types.str; };
+      description = "Google calendar auth";
-      client-id = mkOption { type = lib.types.str; };
+      type = nullOr (submodule {
-      client-secret = mkOption { type = lib.types.str; };
+        options = {
-      refresh-token = mkOption { type = lib.types.str; };
+          email = mkOption { type = lib.types.str; };
+          client-id = mkOption { type = lib.types.str; };
+          client-secret = mkOption { type = lib.types.str; };
+          refresh-token = mkOption { type = lib.types.str; };
+        };
+      });
     };
     mail = mkCredOption "email" {
       host = mkOption {
@@ -57,20 +62,25 @@ in rec {
         description = "Android device ID";
       };
     };
-    openvpn = mkCredOption "openvpn" {};
+    openvpn = mkCredOption "openvpn" { };
     rclone = mkOption {
       type = nullOr str;
       description = "Rclone config";
     };
-    ssl = rec {
+    ssl = mkOption {
-      cert = mkOption {
+      description = "Certs";
-        type = nullOr str;
+      type = nullOr (submodule {
-        description = "SSL certificate";
+        options = {
-      };
+          cert = mkOption {
-      priv = mkOption {
+            type = nullOr str;
-        type = nullOr str;
+            description = "SSL certificate";
-        description = "SSL RSA private key";
+          };
-      };
+          priv = mkOption {
+            type = nullOr str;
+            description = "SSL RSA private key";
+          };
+        };
+      });
     };
     matrix = mkCredOption "matrix" rec {
       shared_secret = mkOption {
@@ -78,21 +88,19 @@ in rec {
         description = "A shared secret for matrix instance";
       };
       mautrix-whatsapp = {
-        config = mkOption {
+        config = mkOption { type = attrs; };
-          type = attrs;
+        registration = mkOption { type = attrs; };
-        };
-        registration = mkOption {
-          type = attrs;
-        };
       };
       mautrix-telegram = mautrix-whatsapp;
     };
   };
   config = let
-    unlocked = import (pkgs.runCommand "check-secret" {} "set +e; grep -qI . ${../secret.nix}; echo $? > $out") == 0;
+    unlocked = import (pkgs.runCommand "check-secret" { }
+      "set +e; grep -qI . ${../secret.nix}; echo $? > $out") == 0;
     secretnix = import ../secret.nix;
-    secrets = if ! unlocked || isNull secretnix then
+    secrets = if !unlocked || isNull secretnix then
-      mapAttrs (n: v: null) options.secrets
+      builtins.trace "secret.nix locked, building without any secrets"
+      (mapAttrs (n: v: null) options.secrets)
     else
       secretnix;
   in { inherit secrets; };

modules/workspace/gcalcli.nix

@@ -1,5 +1,5 @@
 { pkgs, lib, config, ... }: {
-  home-manager.users.balsoft = {
+  home-manager.users.balsoft = lib.mkIf (! isNull config.secrets.gcal) {
     home.file.".gcalcli_oauth.home".text = lib.optionals
     (!(isNull config.secrets.gcal)) (builtins.toJSON {
       access_token = "";

modules/workspace/i3blocks/default.nix

@@ -36,21 +36,18 @@ in {
   in ''
     interval=60
     markup=pango
-  '' + genIniOrdered (optional (config.secrets ? mail) (scr "email") ++ [
+  '' + genIniOrdered (optional (!isNull config.secrets.mail) (scr "email")
-    (scrint "weather" 600)
+    ++ [ (scrint "weather" 600) (scr "calendar") (scr "emacs") ]
-    (scr "calendar")
+    ++ optional (!isNull config.secrets.wage) (scrint "youtrack-wage" 3600)
-    (scr "emacs")
+    ++ [ (scrint "music" 10) (scrint "sound" 5) ] ++ [
-    (scrint "youtrack-wage" 3600)
+      (scrint "cpu" 5)
-    (scrint "music" 10)
+      (scrint "freq" 10)
-    (scrint "sound" 5)
+      (scr "temperature")
-  ] ++ [
+      (scrint "free" 10)
-    (scrint "cpu" 5)
+    ] ++ optionals config.deviceSpecific.isLaptop [
-    (scrint "freq" 10)
+      (scr "battery")
-    (scr "temperature")
+      (scrint "brightness" 5)
-    (scrint "free" 10)
+    ]
-  ] ++ optionals config.deviceSpecific.isLaptop [
+    ++ optional (config.deviceSpecific.devInfo ? bigScreen) (scrint "network" 1)
-    (scr "battery")
-    (scrint "brightness" 5)
-  ] ++ optional (config.deviceSpecific.devInfo ? bigScreen) (scrint "network" 1)
     ++ [ (scrint "connections" 10) (scr "df") (scr "date") (scrint "time" 1) ]);
 }

modules/workspace/rclone.nix

@@ -1,5 +1,5 @@
 { pkgs, config, lib, ... }: {
-  home-manager.users.balsoft = {
+  home-manager.users.balsoft = lib.mkIf (!isNull config.secrets.rclone) {
     xdg.configFile."rclone/rclone.conf.home".text = config.secrets.rclone;
     home.activation."rclone" = {
       after = [ "linkGeneration" ];
@@ -16,15 +16,15 @@
     xsession.windowManager.i3.config.startup = [
       {
         command =
-        "${pkgs.rclone}/bin/rclone mount google:/ '/home/balsoft/cloud/Google Drive' --daemon";
+          "${pkgs.rclone}/bin/rclone mount google:/ '/home/balsoft/cloud/Google Drive' --daemon";
       }
       {
         command =
-        "${pkgs.rclone}/bin/rclone mount Yandex:/ '/home/balsoft/cloud/Yandex Disk' --daemon";
+          "${pkgs.rclone}/bin/rclone mount Yandex:/ '/home/balsoft/cloud/Yandex Disk' --daemon";
       }
       {
         command =
-        "${pkgs.rclone}/bin/rclone mount Dropbox:/ '/home/balsoft/cloud/Dropbox' --daemon";
+          "${pkgs.rclone}/bin/rclone mount Dropbox:/ '/home/balsoft/cloud/Dropbox' --daemon";
       }
     ];
   };