feat: kw -> nixfiles, kw.secrets -> secrets

Kat Inskip 2022-10-02 14:57:26 -07:00
parent 9794026f6c
commit ece1dbe466
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
63 changed files with 180 additions and 265 deletions


@ -102,7 +102,9 @@ in {
field = head (reverseList parts);
path = if length parts > 1 then head parts else "password";
in nameValuePair "${config.esphome.name}-secret-${name}" ({
value.shellCommand = "bitw get ${path} -f ${field}";
value.shellCommand = let
bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.all.${builtins.getEnv "HOME_HOSTNAME"}.secrets.repo.bitw.source} "$@"'';
in "${bitw}/bin/bitw get ${path} -f ${field}";
type = "string";
sensitive = true;
})
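Review bot: The new `shellCommand` on the last added line interpolates `path` and `field` into a shell string without quoting, so a secret name containing whitespace or shell metacharacters would change the command that runs at deploy time. `in "${bitw}/bin/bitw get ${escapeShellArg path} -f ${escapeShellArg field}";` closes that; other lib functions are used unqualified here, so `escapeShellArg` is presumably in scope, but confirm. The same unquoted interpolation of `content.path` and `content.field` appears in the `deploy.tf.variables` hunk. The `bitw` wrapper defined here is also a verbatim copy of the default of `options.secrets.command`; if `meta` is available in this module, using `meta.secrets.command` would keep the GPG source path in one place. The enclosing attribute set starts and ends outside the hunk.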


@ -1,43 +1,3 @@
{ config, nixos, lib, ... }:
with lib;
let
secretType = types.submodule ({ name, ... }: {
options = {
path = mkOption { type = types.str; };
field = mkOption {
type = types.str;
default = "";
};
};
});
repoSecretType = types.submodule ({ name, ... }: {
options = {
source = mkOption {
type = types.path;
};
text = mkOption {
type = types.str;
};
};
});
cfg = config.kw.secrets;
in
{
options.kw = {
secrets = {
variables = mkOption {
type = types.attrsOf secretType;
default = { };
};
repo = mkOption {
type = types.attrsOf repoSecretType;
default = { };
};
};
};
config = {
kw.secrets.repo = nixos.kw.secrets.repo;
};
{ config, nixos, ... }: {
secrets.repo = nixos.secrets.repo;
}


@ -7,9 +7,9 @@
with lib;
let cfg = config.kw.theme; in
let cfg = config.nixfiles.theme; in
{
options.kw.theme = {
options.nixfiles.theme = {
enable = mkEnableOption "kat's theme module";
sass = {
variables = mkOption {
@ -55,7 +55,7 @@ let cfg = config.kw.theme; in
};
};
config = mkIf (cfg.enable) {
kw.theme = {
nixfiles.theme = {
base16 = lib.mapAttrs' (k: v: lib.nameValuePair k "#${v.hex}")
(lib.filterAttrs (n: _: lib.hasInfix "base" n) config.base16.defaultScheme);
base16t = lib.mapAttrs' (k: v: lib.nameValuePair "${k}t" "rgba(${toString v.red.byte}, ${toString v.green.byte}, ${toString v.blue.byte}, ${toString cfg.alpha})")
@ -132,7 +132,7 @@ let cfg = config.kw.theme; in
Install = { WantedBy = [ "sway-session.target" ]; };
};
lib.kw.sassTemplate = { name, src }:
lib.nixfiles.sassTemplate = { name, src }:
let
variables = pkgs.writeText "base-variables.sass" ''
${(concatStringsSep "\n" (mapAttrsToList(var: con: "\$${var}: ${con}") cfg.sass.variables))}
@ -153,6 +153,6 @@ let cfg = config.kw.theme; in
inherit source;
text = builtins.readFile source;
};
_module.args = { inherit (config.lib) kw; };
_module.args = { inherit (config.lib) nixfiles; };
};
}


@ -78,7 +78,7 @@ in
tree.impure.modules.tf
];
deploy.gcroot = {
name = mkDefault "kw-${config.name}";
name = mkDefault "nixfiles-${config.name}";
user = mkIf (builtins.getEnv "HOME_USER" != "") (mkDefault (builtins.getEnv "HOME_USER"));
};
providers.local = { };


@ -42,24 +42,24 @@ with lib;
homeImports = [];
users = mkDefault (singleton "kat");
};
lib.kw.nixosImport = hostName: lib.nodeImport {
lib.nixfiles.nixosImport = hostName: lib.nodeImport {
inherit (config.network.importing) nixosImports homeImports users;
profiles = meta.nixos;
inherit hostName;
};
lib.kw.esphomeImport = hostName: lib.nodeImport {
lib.nixfiles.esphomeImport = hostName: lib.nodeImport {
nixosImports = config.network.importing.esphomeImports;
homeImports = [];
users = [];
profiles = { base = { }; };
inherit hostName;
};
lib.kw.darwinImport = hostName: lib.nodeImport {
lib.nixfiles.darwinImport = hostName: lib.nodeImport {
nixosImports = config.network.importing.darwinImports;
profiles = meta.darwin;
inherit (config.network.importing) homeImports users;
inherit hostName;
};
_module.args = { inherit (config.lib) kw; };
_module.args = { inherit (config.lib) nixfiles; };
};
}


@ -152,8 +152,8 @@ with lib;
extraModules = [
inputs.home-manager.darwinModules.home-manager
meta.modules.darwin
meta.modules.system.genesis
meta.modules.system
meta.modules.type
meta.system
];
specialArgs = {
@ -164,9 +164,9 @@ with lib;
nixos = {
extraModules = [
inputs.home-manager.nixosModules.home-manager
meta.modules.system.genesis
meta.modules.nixos
meta.modules.system
meta.modules.type
meta.nixos.network
meta.system
];


@ -1,8 +1,8 @@
{ config, pkgs, lib, ... }: with lib; {
options.kw.secrets.command = mkOption {
options.secrets.command = mkOption {
type = types.str;
default = let
bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.all.${builtins.getEnv "HOME_HOSTNAME"}.kw.secrets.repo.bitw.source} "$@"'';
bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.network.nodes.all.${builtins.getEnv "HOME_HOSTNAME"}.secrets.repo.bitw.source} "$@"'';
in
"${bitw}/bin/bitw get";
};
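Review bot: The default on the renamed `bitw` line indexes `config.network.nodes.all` with `builtins.getEnv "HOME_HOSTNAME"`, which is the empty string when the variable is unset or evaluation is pure, so the failure would surface as a missing-attribute error on `""` rather than a message naming the variable. The option also has no `description`; something like `description = "Command prefix used to read a secret via bitw; evaluation needs HOME_HOSTNAME set and impure mode.";` would document the requirement where users of the option will see it. The same `getEnv` lookup is repeated in the esphome secrets hunk, so a guard is best placed in one shared spot.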


@ -1,21 +1,13 @@
{ config, lib, meta, ... }:
with lib;
let
mcfg = meta.kw.secrets;
cfg = config.kw.secrets;
in
{
config = mkIf (cfg.variables != { }) {
{ config, lib, meta, ... }: with lib; {
config = mkIf (config.secrets.variables != { }) {
deploy.tf.variables = mapAttrs'
(name: content:
nameValuePair name ({
value.shellCommand = "${mcfg.command} ${content.path}" + optionalString (content.field != "") " -f ${content.field}";
value.shellCommand = "${meta.secrets.command} ${content.path}" + optionalString (content.field != "") " -f ${content.field}";
type = "string";
sensitive = true;
})
)
cfg.variables;
config.secrets.variables;
};
}


@ -1,44 +1,3 @@
{ config, lib, meta, ... }:
with lib;
let
secretType = types.submodule ({ name, ... }: {
options = {
path = mkOption { type = types.str; };
field = mkOption {
type = types.str;
default = "";
};
};
});
repoSecretType = types.submodule ({ name, ... }: {
options = {
source = mkOption {
type = types.path;
};
text = mkOption {
type = types.str;
};
};
});
mcfg = meta.kw.secrets;
cfg = config.kw.secrets;
in
{
options.kw = {
secrets = {
variables = mkOption {
type = types.attrsOf secretType;
default = { };
};
repo = mkOption {
type = types.attrsOf repoSecretType;
default = { };
};
};
};
config = {
kw.secrets.variables = lib.mkMerge (mapAttrsToList (username: user: user.kw.secrets.variables) config.home-manager.users);
};
{ config, lib, meta, ... }: with lib; {
secrets.variables = lib.mkMerge (mapAttrsToList (username: user: user.secrets.variables) config.home-manager.users);
}


@ -1,16 +1,17 @@
{ config, lib, ... }: with lib; {
variables.katdns-address = {
value.shellCommand = "${meta.kw.secrets.command} secrets/katdns -f address";
value.shellCommand = "${meta.secrets.command} secrets/katdns -f address";
type = "string";
sensitive = true;
};
variables.katdns-name = {
value.shellCommand = "${meta.kw.secrets.command} secrets/katdns -f username";
value.shellCommand = "${meta.secrets.command} secrets/katdns -f username";
type = "string";
sensitive = true;
};
variables.katdns-key = {
value.shellCommand = "${meta.kw.secrets.command} secrets/katdns -f password";
value.shellCommand = "${meta.secrets.command} secrets/katdns -f password";
type = "string";
sensitive = true;
};