refac secrets, make some data public

2022-10-19 19:17:37 +03:00 · 2022-10-19 19:17:37 +03:00 · 792007ac4f
commit 792007ac4f
parent 338ff92eb2
11 changed files with 11 additions and 22 deletions
--- a/.agenix_config.nix
+++ b/.agenix_config.nix
--- a/.envrc
+++ b/.envrc
@ -1,3 +1,3 @@
 use flake
-export RULES=./secrets.config.nix
+export RULES=./.agenix_config.nix
--- a/.gitattributes
+++ b/.gitattributes
@ -1,6 +1,4 @@
-**/secrets.nix filter=git-crypt diff=git-crypt
+**/*.secret.nix filter=git-crypt diff=git-crypt
-secrets.config.nix filter=git-crypt diff=git-crypt
+.agenix_config.nix filter=git-crypt diff=git-crypt
 **/*.age filter=git-crypt diff=git-crypt
 machines/magenta/services/mailserver-accounts.nix filter=git-crypt diff=git-crypt
--- a/machines/asus-gl553vd/default.nix
+++ b/machines/asus-gl553vd/default.nix
@ -1,8 +1,5 @@
 { config, pkgs, lib, ... }:
 let
  secrets = import ../../secrets.nix;
 in
 {
  imports = [
    # Include the results of the hardware scan.
@ -13,6 +10,7 @@ in
    ../modules/fonts.nix
    ../modules/gnupg.nix
    ../modules/nix.nix
    ../modules/networking.secret.nix
  ];
  # Use latest kernel
@ -30,7 +28,6 @@ in
  networking = {
    hostName = "laptop"; # Define your hostname.
    inherit (secrets.networking) extraHosts;
    useDHCP = false;
    interfaces = {
@ -43,7 +40,6 @@ in
  # enable bluetooth
  hardware.bluetooth.enable = true;
  services.blueman.enable = true;
  # configure mouse and touchpad
  services.xserver.libinput = {
--- a/machines/home/default.nix
+++ b/machines/home/default.nix
@ -1,8 +1,5 @@
 { config, pkgs, lib, ... }:
 let
  secrets = import ../../secrets.nix;
 in
 {
  imports = [
    # Include the results of the hardware scan.
@ -14,6 +11,7 @@ in
    ../modules/gnupg.nix
    ../modules/nix.nix
    ../modules/garbage-collector.nix
    ../modules/networking.secret.nix
  ];
  # Configure kernel
@ -33,7 +31,6 @@ in
  networking = {
    hostName = "home"; # Define your hostname.
    inherit (secrets.networking) extraHosts;
    useDHCP = false;
    interfaces = {
--- a/machines/magenta/services/mailserver-accounts.secret.nix
+++ b/machines/magenta/services/mailserver-accounts.secret.nix
--- a/machines/magenta/services/mailserver.nix
+++ b/machines/magenta/services/mailserver.nix
@ -1,7 +1,7 @@
 { ... }:
 {
-  imports = [ ./mailserver-accounts.nix ];
+  imports = [ ./mailserver-accounts.secret.nix ];
  # See: https://nixos-mailserver.readthedocs.io/en/latest/options.html
  mailserver = {
--- a/machines/modules/networking.secret.nix
+++ b/machines/modules/networking.secret.nix
--- a/users/jan/accounts.secret.nix
+++ b/users/jan/accounts.secret.nix
--- a/users/jan/home.nix
+++ b/users/jan/home.nix
@ -1,10 +1,9 @@
 { config, lib, pkgs, ... }:
 let
  secrets = import ./secrets.nix;
 in
 {
  imports = [
    ./accounts.secret.nix
    ../modules/window_manager
    ../modules/terminal.nix
    ../modules/shell.nix
@ -48,8 +47,9 @@ in
  ];
  local.git = {
-    gpgKey = secrets.gpgSigningKey;
+    gpgKey = "7685890DCD544AF1507A84F21B59187B161C0215";
-    inherit (secrets) userName userEmail;
+    userEmail = "dmitriy@ideascup.me";
    userName = "Dmitriy Pleshevskiy";
    git-crypt.enable = true;
  };
@ -58,8 +58,6 @@ in
    eval $(kubectl completion zsh)
  '';
  accounts.email.accounts = secrets.emailAccounts;
  home.file = {
    "scripts" = {
      source = ./scripts;
--- a/users/jan/secrets.nix
+++ b/users/jan/secrets.nix
`@ -1,3 +1,3 @@`
	`use flake`	`use flake`

	`export RULES=./secrets.config.nix`	`export RULES=./.agenix_config.nix`