Diffstat (limited to 'nix/modules/secrets.nix')
-rw-r--r--nix/modules/secrets.nix210
1 files changed, 97 insertions, 113 deletions
diff --git a/nix/modules/secrets.nix b/nix/modules/secrets.nix
index f68ed40..dc0a7c3 100644
--- a/nix/modules/secrets.nix
+++ b/nix/modules/secrets.nix
@@ -1,134 +1,118 @@
{ config, ... }:
{
sops = {
- defaultSopsFile = if config.monorepo.profiles.server.enable
- then ../secrets/vps_secrets.yaml
- else ../secrets/secrets.yaml;
+ defaultSopsFile =
+ if config.monorepo.profiles.server.enable
+ then ../secrets/vps_secrets.yaml
+ else ../secrets/secrets.yaml;
- templates = if config.monorepo.profiles.server.enable then {
- "public-inbox-netrc" = {
- owner = "public-inbox";
- group = "public-inbox";
- mode = "0400";
- content = (builtins.concatStringsSep "\n" (builtins.map (x: "machine mail.${config.monorepo.vars.orgHost} login ${x}@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}") config.monorepo.vars.projects)) + ''
-machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}'';
- };
- "matterbridge" = {
- owner = "matterbridge";
- content = ''
-[irc.myirc]
-Server="127.0.0.1:6667"
-Nick="bridge"
-RemoteNickFormat="[{PROTOCOL}] <{NICK}> "
-UseTLS=false
+ templates =
+ if config.monorepo.profiles.server.enable then {
+ "public-inbox-netrc" = {
+ owner = "public-inbox";
+ group = "public-inbox";
+ mode = "0400";
+ content = (builtins.concatStringsSep "\n" (builtins.map (x: "machine mail.${config.monorepo.vars.orgHost} login ${x}@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}") config.monorepo.vars.projects)) + ''
+ machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}'';
+ };
+ "matterbridge" = {
+ owner = "matterbridge";
+ content = ''
+ [irc.myirc]
+ Server="127.0.0.1:6667"
+ Nick="bridge"
+ RemoteNickFormat="[{PROTOCOL}] <{NICK}> "
+ UseTLS=false
-[telegram.mytelegram]
-Token="${config.sops.placeholder.telegram_token}"
-RemoteNickFormat="<({PROTOCOL}){NICK}> "
-MessageFormat="HTMLNick :"
-QuoteFormat="{MESSAGE} (re @{QUOTENICK}: {QUOTEMESSAGE})"
-QuoteLengthLimit=46
-IgnoreMessages="^/"
+ [telegram.mytelegram]
+ Token="${config.sops.placeholder.telegram_token}"
+ RemoteNickFormat="<({PROTOCOL}){NICK}> "
+ MessageFormat="HTMLNick :"
+ QuoteFormat="{MESSAGE} (re @{QUOTENICK}: {QUOTEMESSAGE})"
+ QuoteLengthLimit=46
+ IgnoreMessages="^/"
-[discord.mydiscord]
-Token="${config.sops.placeholder.discord_token}"
-Server="Null Identity"
-AutoWebHooks=true
-RemoteNickFormat="[{PROTOCOL}] <{NICK}> "
-PreserveThreading=true
+ [discord.mydiscord]
+ Token="${config.sops.placeholder.discord_token}"
+ Server="Null Identity"
+ AutoWebHooks=true
+ RemoteNickFormat="[{PROTOCOL}] <{NICK}> "
+ PreserveThreading=true
-[[gateway]]
-name="gateway1"
-enable=true
+ [[gateway]]
+ name="gateway1"
+ enable=true
-[[gateway.inout]]
-account="irc.myirc"
-channel="#nullring"
+ [[gateway.inout]]
+ account="irc.myirc"
+ channel="#nullring"
-[[gateway.inout]]
-account="discord.mydiscord"
-channel="ID:996282946879242262"
+ [[gateway.inout]]
+ account="discord.mydiscord"
+ channel="ID:996282946879242262"
-[[gateway.inout]]
-account="telegram.mytelegram"
-channel="-5290629325"
-'';
- };
- } else {};
+ [[gateway.inout]]
+ account="telegram.mytelegram"
+ channel="-5290629325"
+ '';
+ };
+ } else { };
age = {
keyFile = "/home/${config.monorepo.vars.userName}/.config/sops/age/keys.txt";
};
- secrets = if ! config.monorepo.profiles.server.enable then {
- mail = {
- format = "yaml";
- };
- cloudflare-dns = {
- format = "yaml";
- };
- digikey = {
- format = "yaml";
- };
- dn42 = {
- format = "yaml";
- };
- } else {
- znc = {
- format = "yaml";
- };
- znc_password_salt = {
- format = "yaml";
- };
- znc_password_hash = {
- format = "yaml";
- };
- matrix_bridge = {
- format = "yaml";
- };
- livekit_secret = {
- format = "yaml";
- mode = "0444";
- };
- livekit = {
- format = "yaml";
- };
- mail_password = {
- format = "yaml";
- owner = "maddy";
- };
-
- mail_monorepo_password = {
- format = "yaml";
- owner = "maddy";
- };
+ secrets =
+ if config.monorepo.profiles.desktop.enable then {
+ mail = {
+ format = "yaml";
+ };
+ cloudflare-dns = {
+ format = "yaml";
+ };
+ digikey = {
+ format = "yaml";
+ };
+ dn42 = {
+ format = "yaml";
+ };
+ } else {
+ znc = {
+ format = "yaml";
+ };
+ znc_password_salt = {
+ format = "yaml";
+ };
+ znc_password_hash = {
+ format = "yaml";
+ };
+ matrix_bridge = {
+ format = "yaml";
+ };
+ mail_password = {
+ format = "yaml";
+ owner = "maddy";
+ };
- mail_monorepo_password_pi = {
- format = "yaml";
- owner = "public-inbox";
- };
+ mail_monorepo_password_pi = {
+ format = "yaml";
+ owner = "public-inbox";
+ };
- conduit_secrets = {
- format = "yaml";
- };
- mautrix_env = {
- format = "yaml";
+ mautrix_env = {
+ format = "yaml";
+ };
+ telegram_token = {
+ format = "yaml";
+ };
+ discord_token = {
+ format = "yaml";
+ };
+ mpd_password = {
+ format = "yaml";
+ owner = "nginx";
+ };
};
- telegram_token = {
- format = "yaml";
- };
- discord_token = {
- format = "yaml";
- };
- mpd_password = {
- format = "yaml";
- owner = "nginx";
- };
- ntfy = {
- format = "yaml";
- owner = "ntfy-sh";
- };
- };
};
}
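Review bot: The `secrets` set is now selected on `config.monorepo.profiles.desktop.enable`, while `defaultSopsFile` and `templates` in the same hunk still select on `config.monorepo.profiles.server.enable`, so the three choices no longer move together. If a host can have both profiles off, it gets `../secrets/secrets.yaml` together with the server secret names (`znc`, `mail_password`, ...), which that file presumably does not contain. If both can be on, the templates reference `config.sops.placeholder.telegram_token`, `discord_token` and `mail_monorepo_password_pi` without those secrets being declared. Whether the profiles are mutually exclusive is not visible here; if they are not, guard the server branch with `} else if config.monorepo.profiles.server.enable then {` and a final `else { }`, or add an assertion that exactly one profile is enabled. Separately, the `''` literal appended after `concatStringsSep` in `public-inbox-netrc` drops its empty first line, so the `discussion@` entry appears to be joined to the last project line without a newline; writing `+ "\n" + ''` would keep the netrc entries separate.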