secrets module overhaul, moving back to bitwarden, removed glauca dyndns

2026-02-09 12:29:19 -08:00 · 2021-09-01 05:44:04 +01:00 · 2021-09-01 05:44:04 +01:00 · 57b35ead89
commit 57b35ead89
parent 1391eabee4
26 changed files with 190 additions and 192 deletions
--- a/config/users/kat/media/syncplay.nix
+++ b/config/users/kat/media/syncplay.nix
@ -3,9 +3,12 @@
 with lib;

 {
-  kw.secrets = [
-    "syncplay-pass"
-  ];
+  kw.secrets.variables = {
+    syncplay-pass = {
+      path = "services/media/syncplay";
+      field = "password";
+    };
+  };

  programs.syncplay = {
    enable = true;
--- a/config/users/kat/personal/bitw.nix
+++ b/config/users/kat/personal/bitw.nix
@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }: with lib; {
  programs.rbw = {
    enable = true;
-    package = mkIf config.deploy.profile.trusted (pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.kw.repoSecrets.bitw.source} "$@"'');
+    package = mkIf config.deploy.profile.trusted (pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.kw.secrets.repo.bitw.source} "$@"'');
    settings = {
      email = "kat@kittywit.ch";
      base_url = "https://vault.kittywit.ch";
--- a/config/users/kat/personal/taskwarrior.nix
+++ b/config/users/kat/personal/taskwarrior.nix
@ -1,7 +1,15 @@
 { config, pkgs, tf, lib, ... }:

+with lib;
+
 {
-  kw.secrets = [ "taskwarrior-key" "taskwarrior-creds" ];
+  kw.secrets.variables = let
+    fieldAdapt = field: if field == "key" then "notes" else field;
+  in mapListToAttrs (field:
+  nameValuePair "taskwarrior-${field}" {
+    path = "services/taskwarrior";
+    field = fieldAdapt field;
+  }) ["key" "credentials"];

  secrets.files = {
    taskw_key = {
@ -11,7 +19,7 @@
    };
    taskw_config = {
      text = ''
-        taskd.credentials=${tf.variables.taskwarrior-creds.ref}
+        taskd.credentials=${tf.variables.taskwarrior-credentials.ref}
      '';
      owner = "kat";
      group = "users";
--- a/config/users/kat/personal/weechat.nix
+++ b/config/users/kat/personal/weechat.nix
@ -3,7 +3,7 @@
 {
  home.file = lib.mkIf config.deploy.profile.trusted (
    let
-      bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.kw.repoSecrets.bitw.source} "$@"'';
+      bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.kw.secrets.repo.bitw.source} "$@"'';
    in
    {
      ".local/share/weechat/sec.conf".text = ''
--- a/config/users/kat/services/weechat/default.nix
+++ b/config/users/kat/services/weechat/default.nix
@ -1,10 +1,16 @@
 { config, lib, nixos, pkgs, tf, ... }:

 {
-  kw.secrets = [
-    "matrix-pass"
-    "znc-pass"
-  ];
+  kw.secrets.variables = {
+    matrix-pass = {
+      path = "social/matrix";
+      field = "password";
+    };
+    znc-pass = {
+      path = "social/irc/znc";
+      field = "password";
+    };
+  };

  secrets.files.weechat-sec = {
    text = ''