refac secrets, make some data public

2022-10-19 19:17:37 +03:00 · 2022-10-19 19:17:37 +03:00 · 792007ac4f
parent 338ff92eb2
commit 792007ac4f
11 changed files with 11 additions and 22 deletions
--- a/.agenix_config.nix
+++ b/.agenix_config.nix
--- a/.envrc
+++ b/.envrc
@ -1,3 +1,3 @@
 use flake

-export RULES=./secrets.config.nix
+export RULES=./.agenix_config.nix
--- a/.gitattributes
+++ b/.gitattributes
@ -1,6 +1,4 @@
-**/secrets.nix filter=git-crypt diff=git-crypt
+**/*.secret.nix filter=git-crypt diff=git-crypt

-secrets.config.nix filter=git-crypt diff=git-crypt
+.agenix_config.nix filter=git-crypt diff=git-crypt
 **/*.age filter=git-crypt diff=git-crypt
-
-machines/magenta/services/mailserver-accounts.nix filter=git-crypt diff=git-crypt
--- a/machines/asus-gl553vd/default.nix
+++ b/machines/asus-gl553vd/default.nix
@ -1,8 +1,5 @@
 { config, pkgs, lib, ... }:

-let
-  secrets = import ../../secrets.nix;
-in
 {
  imports = [
    # Include the results of the hardware scan.
@ -13,6 +10,7 @@ in
    ../modules/fonts.nix
    ../modules/gnupg.nix
    ../modules/nix.nix
+    ../modules/networking.secret.nix
  ];

  # Use latest kernel
@ -30,7 +28,6 @@ in

  networking = {
    hostName = "laptop"; # Define your hostname.
-    inherit (secrets.networking) extraHosts;

    useDHCP = false;
    interfaces = {
@ -43,7 +40,6 @@ in

  # enable bluetooth
  hardware.bluetooth.enable = true;
-  services.blueman.enable = true;

  # configure mouse and touchpad
  services.xserver.libinput = {
--- a/machines/home/default.nix
+++ b/machines/home/default.nix
@ -1,8 +1,5 @@
 { config, pkgs, lib, ... }:

-let
-  secrets = import ../../secrets.nix;
-in
 {
  imports = [
    # Include the results of the hardware scan.
@ -14,6 +11,7 @@ in
    ../modules/gnupg.nix
    ../modules/nix.nix
    ../modules/garbage-collector.nix
+    ../modules/networking.secret.nix
  ];

  # Configure kernel
@ -33,7 +31,6 @@ in

  networking = {
    hostName = "home"; # Define your hostname.
-    inherit (secrets.networking) extraHosts;

    useDHCP = false;
    interfaces = {
--- a/machines/magenta/services/mailserver-accounts.secret.nix
+++ b/machines/magenta/services/mailserver-accounts.secret.nix
--- a/machines/magenta/services/mailserver.nix
+++ b/machines/magenta/services/mailserver.nix
@ -1,7 +1,7 @@
 { ... }:

 {
-  imports = [ ./mailserver-accounts.nix ];
+  imports = [ ./mailserver-accounts.secret.nix ];

  # See: https://nixos-mailserver.readthedocs.io/en/latest/options.html
  mailserver = {
--- a/machines/modules/networking.secret.nix
+++ b/machines/modules/networking.secret.nix
--- a/users/jan/accounts.secret.nix
+++ b/users/jan/accounts.secret.nix
--- a/users/jan/home.nix
+++ b/users/jan/home.nix
@ -1,10 +1,9 @@
 { config, lib, pkgs, ... }:

-let
-  secrets = import ./secrets.nix;
-in
 {
  imports = [
+    ./accounts.secret.nix
+
    ../modules/window_manager
    ../modules/terminal.nix
    ../modules/shell.nix
@ -48,8 +47,9 @@ in
  ];

  local.git = {
-    gpgKey = secrets.gpgSigningKey;
-    inherit (secrets) userName userEmail;
+    gpgKey = "7685890DCD544AF1507A84F21B59187B161C0215";
+    userEmail = "dmitriy@ideascup.me";
+    userName = "Dmitriy Pleshevskiy";
    git-crypt.enable = true;
  };

@ -58,8 +58,6 @@ in
    eval $(kubectl completion zsh)
  '';

-  accounts.email.accounts = secrets.emailAccounts;
-
  home.file = {
    "scripts" = {
      source = ./scripts;
--- a/users/jan/secrets.nix
+++ b/users/jan/secrets.nix