L-Nafaryus/bonfire
L-Nafaryus/bonfire
1
0
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects 4 Releases Wiki Activity

flake: move secrets to nixosModules.bonfire
All checks were successful
nix / check (push) Successful in 1m37s
Details

Browse Source
This commit is contained in:
L-Nafaryus 2024-05-06 16:46:35 +05:00
parent 280b897d26
commit 3e8c2fc23f
Signed by: L-Nafaryus
GPG Key ID: 582F8B0866B294A1
8 changed files with 54 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitmodules vendored
View File

@ -1,3 +1,3 @@
[submodule ".secrets"]
path = .secrets
[submodule "nixosModules/bonfire/secrets"]
path = nixosModules/bonfire/secrets
url = git@vcs.elnafo.ru:L-Nafaryus/bonfire-secrets.git

1
.secrets

@ -1 +0,0 @@
Subproject commit d4c4f1fcd08c45e9056968b346184f5f80282fa2

6
flake.nix
View File

@ -44,7 +44,7 @@
modules = [
home-manager.nixosModules.home-manager
./nixosConfigurations/astora
./nixosModules/bonfire.nix
self.nixosModules.bonfire
self.nixosModules.spoofdpi
];
specialArgs = { inherit self; };
@ -57,7 +57,7 @@
sops-nix.nixosModules.sops
oscuro.nixosModules.oscuro
./nixosConfigurations/catarina
./nixosModules/bonfire.nix
self.nixosModules.bonfire
self.nixosModules.spoofdpi
self.nixosModules.papermc
self.nixosModules.qbittorrent-nox
@ -67,7 +67,7 @@
};
nixosModules = {
bonfire = import ./nixosModules/bonfire.nix;
bonfire = import ./nixosModules/bonfire { inherit self; };
spoofdpi = import ./nixosModules/spoofdpi { inherit self; };

2
nixosConfigurations/astora/users.nix
View File

@ -14,8 +14,6 @@
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
bonfire.enable = true;
home-manager.users.l-nafaryus = { pkgs, ... }: {
home.stateVersion = "23.11";
home.username = "l-nafaryus";

9
nixosConfigurations/catarina/default.nix
View File

@ -73,11 +73,8 @@ in {
};
};
sops = {
defaultSopsFile = ../../.secrets/secrets.yaml;
age.keyFile = "/var/lib/secrets/sops-nix/catarina.txt";
secrets = import ../../.secrets/sops-secrets.nix;
};
bonfire.withSecrets = true;
sops = config.bonfire.secrets.catarina.sops;
security.acme = {
acceptTerms = true;
@ -138,7 +135,7 @@ in {
openFirewall = true;
localDnsResolver = true;
loginAccounts = import ../../.secrets/mail-recipients.nix { inherit config; };
loginAccounts = config.bonfire.secrets.catarina.mailAccounts;
};
services.jellyfin = {

28
nixosModules/bonfire.nix
View File

@ -1,28 +0,0 @@
{ config, lib, ... }:
with lib;
let cfg = config.bonfire;
in {
options= {
bonfire = {
enable = mkEnableOption "Enables the Bonfire module";
home = mkOption {
type = types.path;
default = ../.;
description = "Bonfire root flake directory";
};
configDir = mkOption {
type = types.path;
default = "${config.bonfire.home}/config";
description = "Path to directory with static configuration files";
};
};
};
config = mkIf cfg.enable {
environment.sessionVariables = {
BONFIRE_HOME = cfg.home;
};
};
}

45
nixosModules/bonfire/default.nix Normal file
View File

@ -0,0 +1,45 @@
{ self, ... }:
{ config, lib, ... }:
with lib;
let cfg = config.bonfire;
in {
options= {
bonfire = {
home = mkOption {
type = types.path;
default = ../../.;
description = "Bonfire root directory";
};
configDir = mkOption {
type = types.path;
default = "${cfg.home}/config";
description = "Path to Bonfire static configuration files";
};
withSecrets = mkOption {
type = types.bool;
default = false;
description = "Enables the Bonfire secrets";
};
secrets = mkOption {
type = types.attrs;
default = {};
};
};
};
config = {
assertions = mkIf cfg.withSecrets [{
assertion = (builtins.pathExists ./secrets/default.nix);
message = "Missed git submodule 'bonfire-secrets'";
}];
environment.sessionVariables = {
BONFIRE_HOME = cfg.home;
};
bonfire.secrets = mkIf cfg.withSecrets (import ./secrets { inherit config; });
};
}

1
nixosModules/bonfire/secrets Submodule

@ -0,0 +1 @@
Subproject commit 31c9b19efdaa613e965eae25bbd2abd344a1bccf