refac secrets, make some data public
This commit is contained in:
parent
338ff92eb2
commit
792007ac4f
11 changed files with 11 additions and 22 deletions
2
.envrc
2
.envrc
|
@ -1,3 +1,3 @@
|
|||
use flake
|
||||
|
||||
export RULES=./secrets.config.nix
|
||||
export RULES=./.agenix_config.nix
|
||||
|
|
6
.gitattributes
vendored
6
.gitattributes
vendored
|
@ -1,6 +1,4 @@
|
|||
**/secrets.nix filter=git-crypt diff=git-crypt
|
||||
**/*.secret.nix filter=git-crypt diff=git-crypt
|
||||
|
||||
secrets.config.nix filter=git-crypt diff=git-crypt
|
||||
.agenix_config.nix filter=git-crypt diff=git-crypt
|
||||
**/*.age filter=git-crypt diff=git-crypt
|
||||
|
||||
machines/magenta/services/mailserver-accounts.nix filter=git-crypt diff=git-crypt
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
secrets = import ../../secrets.nix;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
|
@ -13,6 +10,7 @@ in
|
|||
../modules/fonts.nix
|
||||
../modules/gnupg.nix
|
||||
../modules/nix.nix
|
||||
../modules/networking.secret.nix
|
||||
];
|
||||
|
||||
# Use latest kernel
|
||||
|
@ -30,7 +28,6 @@ in
|
|||
|
||||
networking = {
|
||||
hostName = "laptop"; # Define your hostname.
|
||||
inherit (secrets.networking) extraHosts;
|
||||
|
||||
useDHCP = false;
|
||||
interfaces = {
|
||||
|
@ -43,7 +40,6 @@ in
|
|||
|
||||
# enable bluetooth
|
||||
hardware.bluetooth.enable = true;
|
||||
services.blueman.enable = true;
|
||||
|
||||
# configure mouse and touchpad
|
||||
services.xserver.libinput = {
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
secrets = import ../../secrets.nix;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
|
@ -14,6 +11,7 @@ in
|
|||
../modules/gnupg.nix
|
||||
../modules/nix.nix
|
||||
../modules/garbage-collector.nix
|
||||
../modules/networking.secret.nix
|
||||
];
|
||||
|
||||
# Configure kernel
|
||||
|
@ -33,7 +31,6 @@ in
|
|||
|
||||
networking = {
|
||||
hostName = "home"; # Define your hostname.
|
||||
inherit (secrets.networking) extraHosts;
|
||||
|
||||
useDHCP = false;
|
||||
interfaces = {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
imports = [ ./mailserver-accounts.nix ];
|
||||
imports = [ ./mailserver-accounts.secret.nix ];
|
||||
|
||||
# See: https://nixos-mailserver.readthedocs.io/en/latest/options.html
|
||||
mailserver = {
|
||||
|
|
BIN
users/jan/accounts.secret.nix
Normal file
BIN
users/jan/accounts.secret.nix
Normal file
Binary file not shown.
|
@ -1,10 +1,9 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
secrets = import ./secrets.nix;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./accounts.secret.nix
|
||||
|
||||
../modules/window_manager
|
||||
../modules/terminal.nix
|
||||
../modules/shell.nix
|
||||
|
@ -48,8 +47,9 @@ in
|
|||
];
|
||||
|
||||
local.git = {
|
||||
gpgKey = secrets.gpgSigningKey;
|
||||
inherit (secrets) userName userEmail;
|
||||
gpgKey = "7685890DCD544AF1507A84F21B59187B161C0215";
|
||||
userEmail = "dmitriy@ideascup.me";
|
||||
userName = "Dmitriy Pleshevskiy";
|
||||
git-crypt.enable = true;
|
||||
};
|
||||
|
||||
|
@ -58,8 +58,6 @@ in
|
|||
eval $(kubectl completion zsh)
|
||||
'';
|
||||
|
||||
accounts.email.accounts = secrets.emailAccounts;
|
||||
|
||||
home.file = {
|
||||
"scripts" = {
|
||||
source = ./scripts;
|
||||
|
|
Binary file not shown.
Loading…
Reference in a new issue