No commits in common. "4887e06117d49b607688e4e4cde5df9ff0c2ed5e" and "371fc984068696f308691a3608749a81e76c055e" have entirely different histories.

7 changed files with 22 additions and 42 deletions


@ -29,14 +29,14 @@
gui.domain = "syncthing.${privateDomain}";
doBackups = true;
};
};
web-services = {
atuin = {
enable = true;
domain = "atuin.${privateDomain}";
};
};
web-services = {
filebrowser = {
enable = true;
domain = "files.${privateDomain}";


@ -4,7 +4,7 @@
config = lib.mkIf config.custom.programs.git.enable {
sops.secrets =
config.custom.sops.secretsData.ssh-key
config.custom.sops.secrets.ssh-key
|> lib.mapAttrs' (
name: _: lib.nameValuePair "ssh-key/${name}" { path = "${config.home.homeDirectory}/.ssh/${name}"; }
);
@ -42,7 +42,7 @@
lazygit.enable = true;
ssh.matchBlocks =
config.custom.sops.secretsData.ssh-key
config.custom.sops.secrets.ssh-key
|> lib.mapAttrs (name: _: { identityFile = config.sops.secrets."ssh-key/${name}".path; });
};
};


@ -25,7 +25,7 @@ in
type = self.lib.types.existingPath;
default = "${self}/users/${config.home.username}/@${osConfig.networking.hostName}/secrets.json";
};
secretsData = lib.mkOption {
secrets = lib.mkOption {
type = lib.types.anything;
default = cfg.secretsFile |> lib.readFile |> lib.strings.fromJSON;
};
@ -38,21 +38,11 @@ in
};
assertions =
(
config.sops.secrets
|> lib.attrNames
|> lib.map (secretPath: {
assertion = cfg.secretsData |> lib.hasAttrByPath (secretPath |> lib.splitString "/");
message = "Sops secret `${secretPath}` is used in a module but not defined in secrets.json";
})
)
++ (
lib.removeAttrs cfg.secretsData [ "sops" ]
|> lib.mapAttrsToListRecursive (path: _: path |> lib.concatStringsSep "/")
|> lib.map (secretPath: {
assertion = config.sops.secrets |> lib.hasAttr secretPath;
message = "Sops secret `${secretPath}` is defined in secrets.json but not used in any module";
})
);
assertion = cfg.secrets |> lib.hasAttrByPath (secretPath |> lib.splitString "/");
message = "Sops secret `${secretPath}` must be defined in secrets.json";
});
};
}
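Review bot: The unused-secret check disappears here: as far as this rendering shows (the +/- markers are lost), `assertions` keeps only the "must be defined in secrets.json" list and drops the one that flagged entries present in secrets.json but not referenced by any module, so a credential that is no longer needed can stay in the file, decryptable by every recipient, with nothing pointing it out. If the hard evaluation failure was the motivation, the same list can be reported through `warnings` instead, as sketched below. The renamed option `custom.sops.secrets` now differs from `sops.secrets` only by its prefix, so a `description` stating that it holds the parsed contents of `secretsFile` would help readers tell the two apart. The same change is made in the host-level module at the end of the page, and the enclosing `config` block starts outside this hunk.

```nix
# … unchanged: assertions built from config.sops.secrets …
warnings =
  lib.removeAttrs cfg.secrets [ "sops" ]
  |> lib.mapAttrsToListRecursive (path: _: path |> lib.concatStringsSep "/")
  |> lib.filter (secretPath: !(config.sops.secrets |> lib.hasAttr secretPath))
  |> lib.map (secretPath: "Sops secret `${secretPath}` is defined in secrets.json but not used in any module");
```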


@ -33,7 +33,7 @@ in
enable = lib.mkEnableOption "";
networks = lib.mkOption {
type = lib.types.listOf lib.types.nonEmptyStr;
default = config.custom.sops.secretsData.iwd |> lib.attrNames;
default = config.custom.sops.secrets.iwd |> lib.attrNames;
};
};
};


@ -1,10 +1,10 @@
{ config, lib, ... }:
let
cfg = config.custom.web-services.atuin;
cfg = config.custom.services.atuin;
dataDir = "/var/lib/atuin";
in
{
options.custom.web-services.atuin = {
options.custom.services.atuin = {
enable = lib.mkEnableOption "";
domain = lib.mkOption {
type = lib.types.nonEmptyStr;


@ -11,7 +11,7 @@ let
inherit (config.services.syncthing) dataDir;
useSopsSecrets = config.custom.sops.secretsData |> lib.hasAttr "syncthing";
useSopsSecrets = config.custom.sops.secrets |> lib.hasAttr "syncthing";
in
{
options.custom.services.syncthing = {


@ -21,7 +21,7 @@ in
type = self.lib.types.existingPath;
default = "${self}/hosts/${config.networking.hostName}/secrets.json";
};
secretsData = lib.mkOption {
secrets = lib.mkOption {
type = lib.types.anything;
default = cfg.secretsFile |> lib.readFile |> lib.strings.fromJSON;
};
@ -36,21 +36,11 @@ in
};
assertions =
(
config.sops.secrets
|> lib.attrNames
|> lib.map (secretPath: {
assertion = cfg.secretsData |> lib.hasAttrByPath (secretPath |> lib.splitString "/");
message = "Sops secret `${secretPath}` is used in a module but not defined in secrets.json";
})
)
++ (
lib.removeAttrs cfg.secretsData [ "sops" ]
|> lib.mapAttrsToListRecursive (path: _: path |> lib.concatStringsSep "/")
|> lib.map (secretPath: {
assertion = config.sops.secrets |> lib.hasAttr secretPath;
message = "Sops secret `${secretPath}` is defined in secrets.json but not used in any module";
})
);
assertion = cfg.secrets |> lib.hasAttrByPath (secretPath |> lib.splitString "/");
message = "Sops secret `${secretPath}` must be defined in secrets.json";
});
};
}