From 792007ac4f7db856d28134652aba5c754e72eea1 Mon Sep 17 00:00:00 2001
From: Dmitriy Pleshevskiy
Date: Wed, 19 Oct 2022 19:17:37 +0300
Subject: [PATCH] refac secrets, make some data public
---
secrets.config.nix => .agenix_config.nix | Bin
.envrc | 2 +-
.gitattributes | 6 ++----
machines/asus-gl553vd/default.nix | 6 +-----
machines/home/default.nix | 5 +----
...counts.nix => mailserver-accounts.secret.nix} | Bin
machines/magenta/services/mailserver.nix | 2 +-
.../modules/networking.secret.nix | Bin
users/jan/accounts.secret.nix | Bin 0 -> 1319 bytes
users/jan/home.nix | 12 +++++-------
users/jan/secrets.nix | Bin 2166 -> 0 bytes
11 files changed, 11 insertions(+), 22 deletions(-)
rename secrets.config.nix => .agenix_config.nix (100%)
rename machines/magenta/services/{mailserver-accounts.nix => mailserver-accounts.secret.nix} (100%)
rename secrets.nix => machines/modules/networking.secret.nix (100%)
create mode 100644 users/jan/accounts.secret.nix
delete mode 100644 users/jan/secrets.nix
diff --git a/secrets.config.nix b/.agenix_config.nix
similarity index 100%
rename from secrets.config.nix
rename to .agenix_config.nix
diff --git a/.envrc b/.envrc
index f025931..dc897fd 100644
--- a/.envrc
+++ b/.envrc
@@ -1,3 +1,3 @@
 use flake
-export RULES=./secrets.config.nix
+export RULES=./.agenix_config.nix
diff --git a/.gitattributes b/.gitattributes
index b79f44d..ffc88f7 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,6 +1,4 @@
-**/secrets.nix filter=git-crypt diff=git-crypt
+**/*.secret.nix filter=git-crypt diff=git-crypt
-secrets.config.nix filter=git-crypt diff=git-crypt
+.agenix_config.nix filter=git-crypt diff=git-crypt
 **/*.age filter=git-crypt diff=git-crypt
-
-machines/magenta/services/mailserver-accounts.nix filter=git-crypt diff=git-crypt
diff --git a/machines/asus-gl553vd/default.nix b/machines/asus-gl553vd/default.nix
index afbd5ac..454534e 100644
--- a/machines/asus-gl553vd/default.nix
+++ b/machines/asus-gl553vd/default.nix
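Review bot: The `.gitattributes` hunk makes git-crypt coverage depend on the `.secret.nix` suffix alone: `**/secrets.nix` and the explicit `machines/magenta/services/mailserver-accounts.nix` rule are removed, so a file that keeps one of the old names, or a new secret saved without the suffix, is committed in plaintext without any warning. The renames in this commit keep the existing files covered, but nothing records the convention. I would add a comment above the pattern, `# secrets must be named *.secret.nix, anything else is committed unencrypted`, and confirm the result with `git-crypt status` or `git check-attr filter -- <path>` before pushing.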
@@ -1,8 +1,5 @@ { config, pkgs, lib, ... }: -let - secrets = import ../../secrets.nix; -in { imports = [ # Include the results of the hardware scan. @@ -13,6 +10,7 @@ in ../modules/fonts.nix ../modules/gnupg.nix ../modules/nix.nix + ../modules/networking.secret.nix ]; # Use latest kernel @@ -30,7 +28,6 @@ in networking = { hostName = "laptop"; # Define your hostname. - inherit (secrets.networking) extraHosts; useDHCP = false; interfaces = { @@ -43,7 +40,6 @@ in # enable bluetooth hardware.bluetooth.enable = true; - services.blueman.enable = true; # configure mouse and touchpad services.xserver.libinput = { diff --git a/machines/home/default.nix b/machines/home/default.nix index 981e5d2..c1c4ce3 100644 --- a/machines/home/default.nix +++ b/machines/home/default.nix @@ -1,8 +1,5 @@ { config, pkgs, lib, ... }: -let - secrets = import ../../secrets.nix; -in { imports = [ # Include the results of the hardware scan. @@ -14,6 +11,7 @@ in ../modules/gnupg.nix ../modules/nix.nix ../modules/garbage-collector.nix + ../modules/networking.secret.nix ]; # Configure kernel @@ -33,7 +31,6 @@ in networking = { hostName = "home"; # Define your hostname. - inherit (secrets.networking) extraHosts; useDHCP = false; interfaces = { diff --git a/machines/magenta/services/mailserver-accounts.nix b/machines/magenta/services/mailserver-accounts.secret.nix similarity index 100% rename from machines/magenta/services/mailserver-accounts.nix rename to machines/magenta/services/mailserver-accounts.secret.nix diff --git a/machines/magenta/services/mailserver.nix b/machines/magenta/services/mailserver.nix index dcde596..25e1a03 100644 --- a/machines/magenta/services/mailserver.nix +++ b/machines/magenta/services/mailserver.nix @@ -1,7 +1,7 @@ { ... }: { - imports = [ ./mailserver-accounts.nix ]; + imports = [ ./mailserver-accounts.secret.nix ]; # See: https://nixos-mailserver.readthedocs.io/en/latest/options.html mailserver = { 
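Review bot: The line `../modules/networking.secret.nix` added to `imports` in `machines/asus-gl553vd/default.nix` (`@@ -13,6 +10,7 @@`) and in `machines/home/default.nix` (`@@ -14,6 +11,7 @@`) loads as a NixOS module a file that is the old `secrets.nix` renamed at 100% similarity and was read until now as a plain attribute set through `secrets.networking`. That evaluates only if every top-level attribute in the file is a valid option, so it is worth confirming it holds nothing besides `networking`. A checkout that has not been unlocked will presumably fail on this import with a parse error, which a trailing comment would explain: `../modules/networking.secret.nix # git-crypt encrypted, needs git-crypt unlock`. The `extraHosts` value that the removed `inherit (secrets.networking) extraHosts;` line used to pull in is written to `/etc/hosts` on the built machine, so git-crypt protects it only inside the repository and the file should carry nothing more sensitive than host entries. The `imports` list opens outside these hunks.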
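Review bot: The last hunk of `machines/asus-gl553vd/default.nix` (`@@ -43,7 +40,6 @@`) drops `services.blueman.enable = true;`, which has nothing to do with the secrets refactoring named in the subject. `hardware.bluetooth.enable = true;` stays, so the adapter remains enabled while the manager service goes away; that is a behaviour change on the laptop and belongs in its own commit or at least in the commit message. The surrounding attribute set continues outside the hunk.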
diff --git a/secrets.nix b/machines/modules/networking.secret.nix
similarity index 100%
rename from secrets.nix
rename to machines/modules/networking.secret.nix
diff --git a/users/jan/accounts.secret.nix b/users/jan/accounts.secret.nix new file mode 100644 index 0000000000000000000000000000000000000000..59fd0fe35802260b01d4facf7310888f01069488 GIT binary patch literal 1319 zcmV+?1=#ukM@dveQdv+`00|@KpKd%6{!YJoIYFiW^Fqx&=bebnlV{eAV6~!2h&R^x zlRG&b^Q7Wz*k61SrO6h|5Mer{6eaCp5kQ8f4<5~_kfxMRl{V=U&ne@3B}Lr&^Mh|` zURabI?l$&v^wfYEmp9^R-@8g4wR;1UVW$v-xxnq{t^CX;0eZvOpjX{fT@}3Tpi=JT zlUC<{Ei&YX074E?>IanMisA-!tQV>``WTYeG_!_c_7IaM+mfN#(UX7yStGmj2VSs* z`*^=|a{e^;A|w4Cg#KYDq70)tI^%juee@nl=b*-voImf9SnuQ9F1#)PwP8ta4<*o` zu*)7Wb{>D=oFC%+=+7tPIQjmklJv8@^EU{+0oXx9W*t1uH=DDFy3KRKG@PwJ`;zO}--FE`tXrmQ2!sYMxnI=xpHIxdHOt zcP%b{d8O%=RQF>G{JwL~j9AMmOXI; zlhC{vy;UIu7fgoTRRT9jw!Sj@)Kwj9mW^+jeYwSIzHNCQzQ+Z6iXn{I#~uL05w)}O zYVm8yqFT!#rFu!rS?lG*=$~wq@bcOEGt9j%eZ6)@VBxPJMd|wl&qGGXFW{oaET4z( zM5IGl^RR2inO>|WEG0M5-uSuCB5)yuwJ8diTQjSq36B%7;lK?UsLXJ=aA|cumi~_h znQEa<&H_XI^uoZ#5%X16SP~WreD8uxKTF0+j{zI3GQl0mzH(eHIDczfAWg~0$oDw1 zd5?FZ1#x%}X{sPX>tu~GCC+M}s|2{Oq<1H!P;DCMf1Aq==}k{@n$5iOHB6qMA~6WF zCLX!dmx@ecDmI!+uGLuG$fl*X>-|#t?5#RFdUXcNr7I#D{=PW#zG%#pRFOrfBi}rd z{|pz)cEe!VFb|D;+^Ub+qga#YP^wNccPT3N`9bX~!LmPQd`!>Bp67;O5<){mRz zgI?Cy2ARZY*nDGf#!9UQjYf}+nbo#(Xqn6%(_Ivc#yEaK5F|TjW`-qehxOSzG*rqwsxLom&F9&Cx(O1*N;ku1gw{(0 zxUtYCJY&u|5pu{w%uLzC`>WN2^0-{4-8k-AWJjvg6mcx?+&-2Bz?vQ`aMqQ#cVVJj z`oSb*0kc0d4CWnkQCN@Q@xT=)BP%EW=|PX;@Y{MNUkg{dQG^+xA3)BK+>bh~cX)7S zRkGdWt3DLC@OCj$dyHFI*CINf@TyH3Nfk dIwngz!nOoSm^3mZT8f(iFClXQ;5&zL#uuhs3J4{Y@l&Gxdv9F$6AZhH>Zgnk z067i(q6~~(K->xa!_VsjR>4e0NFPK>(J*|UQr&%2MCa|F=QYl(jYR<;;CqWW%6dS! 
zV;sgEw;YiJY6*IoGw_Xyb)i98;}H)i zN26lacUF$wYjTvv4I)Ce7r%}Yt`=~R;80%0-hWhu9r8JYa<%qTlbblLpQVFr35tP0}#Rm6BNkc z-2!9B7Ch;HBO@R zw{U=d?Lc@^UF_ooM-pEZzH2#;I^=w6B;y!R9%9rq?k8ekjKYGFov+v%A^Z8)!v%aQ zS8!|HX$oG>4-ND1m_Pf+1wyRN%8FEj9?pRS3*YAKHj)<%`5_87Gh3~-Dv4D5(W-I9 zB*RoMIJhqH#Q5zON|u981f;ZfJL0yIP*$-A$TwiHA_UadEY#A`-Fmv=pEIrUupAlQq|kL7VG_PJlt z&6iX3vpzW7X3Wwc%wldFwdcOe$nlXWM!IBaIU#rg>KX))!>N4Xk@$Ebr`=gHz0}{J zt|j53uIgewY&k^m+&eSgDGgVa{3{xMS zM-}wtx`8w#4}Td9JTK4l(%7_lpM&lD%pw7KA??Q3R5_tG6IR-&8!C2O`VW~9zq-y{ zDfEd&>Wa?S!pe8g=1DVt50;`+U1j!u)3V2qF=kPWP%p_X(HxDk#U2=MUu!9%a9D&J z+`Jp2X-!^rhGyRej9`wY-C`0^E|0dP87Ee;`8vK}r0h%yV^kX3dn{I8YUSs}0EzW@ z>nPJWtPhFmW|Uj={XpZ69l>JtZNyLvG{oyBXl(#B>1`II3$?yo#xx#~db_SESziQH zZpG3X#636dKsZnLpKDCC{U9sSze`xNJic9Mkp_$Dx4I7j@9%z3d}(TsuRlg*X-Sc4 zvHy%*5nu{-?Rkl@%RO&`%;o#GR#F}2g*mG&534&|&tpVBIx&be0F_LCj(iX|9B(VT z(Bf-hnS-dl;5NAa-YYlgYmFJEo)HWVhBg&Biv1lC4o_%KC76}=WON6d3sO-$ClX?` zeyK;`2P>+hOjHn%PD&4LRl{aP*7`q(c3@yM`KA`(trY3yE4NaBh`>HceM*t{tzA3U ziKO+M+5>qP9ej^dQv?j38w0C3-W@oedORKkzz?=o_;tm45O1nV_~CRO$bmE@5D8qa zPGJQe9?f$zi8jE#n=(D#$J%7ld+iRQFowdhdgIQrCPBrBDtfoAk;4{h!K8*YKcvft z$A7q_8A`OUeM`jcmgru|(+zPbS{6+dLKrDh0X~;=o-hNf=n=1mB<$B2fZV_#>|fq$ z*9ctt>RV=-V$eFwVhsBouQbG_rlP(Sb~rr-^Ld@4!73cjK4}~QGN<^Sk;45 zy%0S6_i*;}*InZ+Hc{)=tAx@BA7ms*Zk#SZ--80OKJ&n%tV(x~of-^Nfj+k$*m^k$ zBrw*raj1DPp>j3M4n*lV@2(IgctH0Ak5JtqgN|8HSptE_rEAht;u>X`poBtNw;tAx zv%uUyC(d~r7NO#cj6Ja-W3e5Ei1=M6a#ZvY+Ut+YE<2Uq?Or5->+S3E9MfLTtsmU= zyBu=Kr+sTS16r=PY*FGE}@;tbHK>5U`zq=cbSB zH!9@3G%5aZ<}i_rz-eePq)<$cyYikOzq(BjeI2Zn?*D!Or1iTJg({7$-mdXx=+M=I z$KA;-ovsA-5b1tW#4)Pa;o_d-(o7RjQp~)TQFK5mo$jzeas?p6F=C_i({UyfuE4YM zwb`A7(JAs#`pDdV+Ih;+MvkuRMTEKyI@n6D2(0k9YdWE@=8T-kLO1pPEEQY?G^(hC z;%0Z*qE6?hq5>d<@jgRCTtGOHKARtqsPGC5IsHP#KJsa9y*=()PwzBI9FV_Cb$jq3(sRvWe?s7hVU`Xx^gV3V!#qs3+>33y`IsxWER|I=;x^?CjbBd