diff --git a/SwarselSystems.org b/SwarselSystems.org
index 470967e..c8b9500 100644
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@@ -886,8 +886,8 @@ My work machine. Built for more security, this is the gold standard of my config
 };
 networking = {
- hostName = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-hostname");
- fqdn = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-fqdn");
+ hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
+ fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn";
 firewall.enable = true;
 };
@@ -1341,15 +1341,19 @@ This is my main server that I run at home. It handles most tasks that require bi
 A Mac notebook that I have received from work. I use this machine for getting accustomed to the Apple ecosystem as well as as a sandbox for nix-darwin configurations.
 #+begin_src nix :tangle hosts/darwin/nbm-imba-166/default.nix
- { lib, ... }:
+ { lib, inputs, ... }:
+ let
+ secretsDirectory = builtins.toString inputs.nix-secrets;
+ workUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/work-user";
+ in
 {
 # Auto upgrade nix package and the daemon service.
 services.nix-daemon.enable = true;
 services.karabiner-elements.enable = true;
- home-manager.users."leon.schwarzaeugl".home = {
- username = lib.mkForce "leon.schwarzaeugl";
+ home-manager.users.workUser.home = {
+ username = lib.mkForce workUser;
 swarselsystems = {
 isDarwin = true;
 isLaptop = true;
@@ -1570,6 +1574,7 @@ This is a slim setup for developing base configuration. I do not track the hardw
 "${profilesPath}/nixos/optional/autologin.nix"
 "${profilesPath}/nixos/common/settings.nix"
 "${profilesPath}/nixos/common/home-manager.nix"
+ "${profilesPath}/nixos/common/home-manager-extra.nix"
 "${profilesPath}/nixos/common/xserver.nix"
 "${profilesPath}/nixos/common/users.nix"
 "${profilesPath}/nixos/common/impermanence.nix"
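Review bot: `home-manager.users.workUser.home = {` in the nbm-imba-166 block defines a home-manager user literally named `workUser`; a Nix attribute path is not a variable reference, so the value read from the secret is only used on the `username = lib.mkForce workUser;` line and the user entry itself no longer matches the account. The attribute name needs interpolation: `home-manager.users.${workUser}.home = {`. The same line appears in the hosts/darwin/nbm-imba-166/default.nix hunk, which is the tangled copy of this block. The attribute set continues outside the hunk.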
@@ -3260,7 +3265,12 @@ This program sets up a new NixOS host locally.
 yellow "The ssh key for this configuration is not available."
 green "Adjusting flake.nix so that the configuration is buildable"
 sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix
- git add flake.nix
+ rm profiles/home/common/env.nix
+ rm profiles/home/common/gammastep.nix
+ rm profiles/home/common/git.nix
+ rm profiles/home/common/mail.nix
+ rm profiles/nixos/common/home-manager-extra.nix
+ git add .
 else
 green "Valid SSH key found! Continuing with installation"
 fi
@@ -4487,6 +4497,8 @@ TODO
 }
 );
+ getSecret = filename: lib.strings.trim (builtins.readFile "$(unknown)");
+
 forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system});
 mkFullHost = host: type: {
@@ -4856,7 +4868,7 @@ Mostly used to install some compilers and lsp's that I want to have available wh
 }
 #+end_src
-**** Setup home-manager
+**** Setup home-manager base
 :PROPERTIES:
 :CUSTOM_ID: h:7f6d6908-4d02-4907-9c70-f802f4358520
 :END:
@@ -4869,7 +4881,20 @@ We enable the use of =home-manager= as a NixoS module. A nice trick here is the
 home-manager = lib.mkIf config.swarselsystems.withHomeManager {
 useGlobalPkgs = true;
 useUserPackages = true;
- extraSpecialArgs = { inherit (inputs) self nix-secrets; };
+ extraSpecialArgs = { inherit (inputs) self; };
+ };
+ }
+#+end_src
+
+**** Setup home-manager specialArgs
+
+This sets up the =nix-secrets= extraSpeciaArgs. This should not be present on the =chaostheatre= configuration, which is why I split this section into its own file, which makes removal easier when setting that system up.
+
+#+begin_src nix :tangle profiles/nixos/common/home-manager-extra.nix
+ { inputs, config, lib, ... }:
+ {
+ home-manager = lib.mkIf config.swarselsystems.withHomeManager {
+ extraSpecialArgs = { inherit (inputs) nix-secrets; };
 };
 }
 #+end_src
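Review bot: The five `rm` lines have no `-f`, so on a second run of the script, when the files are already gone, `rm` fails, and if the script runs under `set -e` (not visible here) installation aborts at that point; `rm -f` or `git rm -q --ignore-unmatch` would make the step idempotent. `git add .` also stages every untracked file under the repository root, which is much broader than the previous `git add flake.nix`; `git add -A -- flake.nix profiles` keeps the staging scoped to what the branch edits. Deleting profiles/nixos/common/home-manager-extra.nix also breaks any host that imports it by path the way the toto and profiles/nixos/server hunks do, so this branch only works for a host that never imports that file, which deserves a comment above the first `rm`. The same lines appear in the scripts/swarsel-install.sh hunk.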
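Review bot: `getSecret = filename: lib.strings.trim (builtins.readFile "$(unknown)");` never uses its `filename` parameter: Nix interpolates `${...}`, not `$(...)`, so the body tries to read a file literally named `$(unknown)` and every caller converted in this commit gets the same result (or an evaluation error) regardless of the path it passes. The body should be `getSecret = filename: lib.strings.trim (builtins.readFile filename);`. Even if `$(unknown)` is an artefact of how this page was captured rather than the committed text, the helper deserves a comment such as `# Reads a plaintext secret at evaluation time; the value ends up in the evaluated config and the world-readable Nix store, so prefer sops-nix wherever the consuming option supports it`, since that is the property every call site in this commit inherits. The same line is in the lib/default.nix hunk.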
@@ -6293,6 +6318,7 @@ Also, the system state version is set here. No need to touch it.
 imports = lib.swarselsystems.mkImports importNames "profiles/nixos/server" ++ [
 "${profilesPath}/nixos/common/settings.nix"
 "${profilesPath}/nixos/common/home-manager.nix"
+ "${profilesPath}/nixos/common/home-manager-extra.nix"
 "${profilesPath}/nixos/common/xserver.nix"
 "${profilesPath}/nixos/common/gc.nix"
 "${profilesPath}/nixos/common/store.nix"
@@ -6671,10 +6697,10 @@ Here we just define some aliases for rebuilding the system, and we allow some in
 };
 # Switch using --impure as these credential files are not stored within the flake
 # sops-nix is not supported for these which is why we need to resort to these
- LastFM.ApiKey = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/lastfm-secret");
- LastFM.Secret = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/lastfm-key");
- Spotify.ID = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/spotify-id");
- Spotify.Secret = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/spotify-secret");
+ LastFM.ApiKey = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-secret";
+ LastFM.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-key";
+ Spotify.ID = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-id";
+ Spotify.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-secret";
 UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
 UIWelcomeMessage = "~SwarselSound~";
 };
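Review bot: `LastFM.ApiKey` is read from `navidrome/lastfm-secret` while `LastFM.Secret` is read from `navidrome/lastfm-key`, so the option names and the secret file names look swapped relative to each other; this predates the commit, but the rewritten lines carry it forward. Either swap the two file names or add `# file names are intentionally crossed` if the files really are named that way. The existing comment could also state the consequence of the `--impure` read, e.g. `# read at evaluation time, so these credentials are copied into the Nix store`. The same lines appear in the profiles/nixos/server/navidrome.nix hunk.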
@@ -7489,7 +7515,7 @@ Here we just define some aliases for rebuilding the system, and we allow some in
 { lib, config, inputs, ... }:
 let
 secretsDirectory = builtins.toString inputs.nix-secrets;
- workHostName = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-hostname");
+ workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
 in
 {
 config = lib.mkIf config.swarselsystems.server.syncthing {
@@ -8990,13 +9016,29 @@ Also in firefox `about:config > toolkit.legacyUserProfileCustomizations.styleshe
 Sets environment variables. Here I am only setting the EDITOR variable, most variables are set in the [[#h:02df9dfc-d1af-4a37-a7a0-d8da0af96a20][Sway]] section.
 #+begin_src nix :tangle profiles/home/common/env.nix
- { config, ... }:
+ { lib, config, nix-secrets, ... }:
+ let
+ secretsDirectory = builtins.toString nix-secrets;
+ leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
+ nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
+ mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
+ swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
+ fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
+ allMailAddresses = lib.swarselsystems.getSecret "${secretsDirectory}/mail/list";
+ in
 {
 home.sessionVariables = {
 EDITOR = "e -w";
 DISPLAY = ":0";
 SWARSEL_LO_RES = config.swarselsystems.lowResolution;
 SWARSEL_HI_RES = config.swarselsystems.highResolution;
+ SWARSEL_LEON_MAIL = leonMail;
+ SWARSEL_NAUTILUS_MAIL = nautilusMail;
+ SWARSEL_MRSWARSEL_MAIL = mrswarselMail;
+ SWARSEL_SWARSEL_MAIL = swarselMail;
+ SWARSEL_FULLNAME = fullName;
+ SWARSEL_MAIL_ALL = allMailAddresses;
+
 };
 }
 #+end_src
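Review bot: The six new `home.sessionVariables` entries export the mail addresses and full name into the environment of every process in the session, and home-manager renders session variables into a generated shell file in the Nix store, so on the host these values are readable by any local user; nothing in the hunk says so, and because they come from `nix-secrets` a reader will assume they are protected. A comment above the new entries, `# kept out of the public repo, but not secret on the host: these land in the store and in every process environment`, would prevent that misreading. The module now also requires `nix-secrets` as an argument, so it only evaluates on hosts that import home-manager-extra.nix; the install script covers the public case by deleting this file, which is worth stating in the prose above the block. There is also a stray blank `+` line before the closing `};`. The same lines appear in the profiles/home/common/env.nix hunk.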
@@ -9132,7 +9174,12 @@ Eza provides me with a better =ls= command and some other useful aliases.
 Here I set up my git config, automatic signing of commits, useful aliases for my ost used commands (for when I am not using [[#h:d2c7323d-f8c6-4f23-b70a-930e3e4ecce5][Magit]]) as well as a git template defined in [[#h:5ef03803-e150-41bc-b603-e80d60d96efc][Linking dotfiles]].
 #+begin_src nix :tangle profiles/home/common/git.nix
- { lib, ... }:
+ { lib, nix-secrets, ... }:
+ let
+ secretsDirectory = builtins.toString nix-secrets;
+ leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
+ fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
+ in
 {
 programs.git = {
 enable = true;
@@ -9153,8 +9200,8 @@ Here I set up my git config, automatic signing of commits, useful aliases for my
 key = "0x76FD3810215AE097";
 signByDefault = true;
 };
- userEmail = lib.mkDefault "leon.schwarzaeugl@gmail.com";
- userName = "Leon Schwarzäugl";
+ userEmail = lib.mkDefault leonMail;
+ userName = fullName;
 difftastic.enable = true;
 lfs.enable = true;
 includes = [
@@ -9603,35 +9650,43 @@ Here we set some aliases (some of them should be shellApplications instead) as w
 Normally I use 4 mail accounts - here I set them all up. Three of them are Google accounts (sadly), which are a chore to setup. The last is just a sender account that I setup SMTP for here.
 #+begin_src nix :tangle profiles/home/common/mail.nix
- { lib, config, ... }:
+ { lib, config, nix-secrets, ... }:
+ let
+ secretsDirectory = builtins.toString nix-secrets;
+ leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
+ nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
+ mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
+ swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
+ fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
+ in
 {
 programs = {
- mbsync = lib.mkIf (!config.swarselsystems.isPublic) {
+ mbsync = {
 enable = true;
 };
- msmtp = lib.mkIf (!config.swarselsystems.isPublic) {
+ msmtp = {
 enable = true;
 };
- mu = lib.mkIf (!config.swarselsystems.isPublic) {
+ mu = {
 enable = true;
 };
 };
- services.mbsync = lib.mkIf (!config.swarselsystems.isPublic) {
+ services.mbsync = {
 enable = true;
 };
 # this is needed so that mbsync can use the passwords from sops
- systemd.user.services.mbsync.Unit.After = lib.mkIf (!config.swarselsystems.isPublic) [ "sops-nix.service" ];
+ systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
 accounts = {
- email = lib.mkIf (!config.swarselsystems.isPublic) {
+ email = {
 maildirBasePath = "Mail";
 accounts = {
 leon = {
 primary = true;
- address = "leon.schwarzaeugl@gmail.com";
- userName = "leon.schwarzaeugl@gmail.com";
- realName = "Leon Schwarzäugl";
+ address = leonMail;
+ userName = leonMail;
+ realName = fullName;
 passwordCommand = "cat ${config.sops.secrets.leon.path}";
 gpg = {
 key = "0x76FD3810215AE097";
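Review bot: Dropping the `lib.mkIf (!config.swarselsystems.isPublic)` guards from `mbsync`, `msmtp`, `mu`, `services.mbsync`, the systemd `After` line and `accounts.email` makes the whole mail setup unconditional, and the new `let` block makes the module fail to evaluate on any host that does not receive `nix-secrets`; the only remaining handling of the public case is the install script deleting this file. That contract is invisible from the file itself, so a header comment is warranted, e.g. `# Requires nix-secrets via extraSpecialArgs (home-manager-extra.nix); public hosts drop this file instead of gating on isPublic`. If `isPublic` is still an option elsewhere, it is now dead for this module and the description above the block still implies the old gating. The same change is made in the gammastep.nix hunks and in the profiles/home/common/mail.nix hunks.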
@@ -9660,10 +9715,10 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
 };
 };
- swarsel = lib.mkIf (!config.swarselsystems.isPublic) {
- address = "leon@swarsel.win";
+ swarsel = {
+ address = swarselMail;
 userName = "8227dc594dd515ce232eda1471cb9a19";
- realName = "Leon Schwarzäugl";
+ realName = fullName;
 passwordCommand = "cat ${config.sops.secrets.swarselmail.path}";
 smtp = {
 host = "in-v3.mailjet.com";
@@ -9682,10 +9737,10 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
 };
 };
- nautilus = lib.mkIf (!config.swarselsystems.isPublic) {
+ nautilus = {
 primary = false;
- address = "nautilus.dw@gmail.com";
- userName = "nautilus.dw@gmail.com";
+ address = nautilusMail;
+ userName = nautilusMail;
 realName = "Nautilus";
 passwordCommand = "cat ${config.sops.secrets.nautilus.path}";
 imap.host = "imap.gmail.com";
@@ -9709,10 +9764,10 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
 };
 };
- mrswarsel = lib.mkIf (!config.swarselsystems.isPublic) {
+ mrswarsel = {
 primary = false;
- address = "mrswarsel@gmail.com";
- userName = "mrswarsel@gmail.com";
+ address = mrswarselMail;
+ userName = mrswarselMail;
 realName = "Swarsel";
 passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}";
 imap.host = "imap.gmail.com";
@@ -10990,16 +11045,16 @@ Settinfs that are needed for the gpg-agent. Also we are enabling emacs support f
 This service changes the screen hue at night. I am not sure if that really does something, but I like the color anyways.
 #+begin_src nix :tangle profiles/home/common/gammastep.nix
- { config, lib, nix-secrets, ... }:
+ { lib, nix-secrets, ... }:
 let
 secretsDirectory = builtins.toString nix-secrets;
 in
 {
- services.gammastep = lib.mkIf (!config.swarselsystems.isPublic) {
+ services.gammastep = {
 enable = true;
 provider = "manual";
- latitude = lib.strings.trim (builtins.readFile "${secretsDirectory}/home/gammastep-latitude");
- longitude = lib.strings.trim (builtins.readFile "${secretsDirectory}/home/gammastep-longitude");
+ latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude";
+ longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude";
 };
 }
 #+end_src
@@ -11138,9 +11193,9 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
 { self, config, pkgs, lib, nix-secrets, ... }:
 let
 secretsDirectory = builtins.toString nix-secrets;
- dcUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/dc-user");
- clUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cl-user");
- wsUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/ws-user");
+ dcUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/dc-user";
+ clUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/cl-user";
+ wsUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/ws-user";
 in
 {
 home.packages = with pkgs; [
@@ -11183,7 +11238,7 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
 ];
 programs = {
- git.userEmail = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/git-email");
+ git.userEmail = lib.swarselsystems.getSecret "${secretsDirectory}/work/git-email";
 zsh = {
 shellAliases = {
@@ -11206,31 +11261,31 @@ The rest of the settings is at [[#h:bbf2ecb6-c8ff-4462-b5d5-d45b28604ddf][work]]
 ssh = {
 matchBlocks = {
 "uc" = {
- hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-prod");
+ hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-prod";
 user = "stack";
 };
 "uc.stg" = {
- hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-stg");
+ hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg";
 user = "stack";
 };
 "uc.staging" = {
- hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-stg");
+ hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg";
 user = "stack";
 };
 "uc.dev" = {
- hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-dev");
+ hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-dev";
 user = "stack";
 };
 "cbe" = {
- hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-prod");
+ hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-prod";
 user = dcUser;
 };
 "cbe.stg" = {
- hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-stg");
+ hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
 user = dcUser;
 };
 "cbe.staging" = {
- hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-stg");
+ hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
 user = dcUser;
 };
 "*.vbc.ac.at" = {
@@ -11645,8 +11700,8 @@ Used here: [[#h:b92a18cf-eec3-4605-a8c2-37133ade3574][mu4e]]
 (insert (format "%s <%s>" (or from-user user-full-name) from-addr)))))))
 (defun swarsel/mu4e-restore-default ()
- (setq user-mail-address "leon@swarsel.win"
- user-full-name "Leon Schwarzäugl"))
+ (setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL")
+ user-full-name (getenv "SWARSEL_FULLNAME")))
 #+end_src
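Review bot: `(getenv "SWARSEL_SWARSEL_MAIL")` and `(getenv "SWARSEL_FULLNAME")` return nil when the variable is unset (an Emacs started outside the home-manager session, or a host where env.nix has been deleted), so `swarsel/mu4e-restore-default` then sets `user-mail-address` and `user-full-name` to nil, and the `(format "%s <%s>" (or from-user user-full-name) from-addr)` call visible above would print `nil` in the From header. Falling back to the current value keeps the function harmless when the variables are missing: `(setq user-mail-address (or (getenv "SWARSEL_SWARSEL_MAIL") user-mail-address)` and likewise for `user-full-name`. The same lines are in the first programs/emacs/init.el hunk.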
@@ -14337,11 +14392,13 @@ The hook functions are defined here: [[#h:34506761-06b9-43b5-a818-506d9b3faf28][
 (:maildir "/Drafts" :key ?d)
 (:maildir "/All Mail" :key ?a)))
- (setq user-mail-address "leon@swarsel.win"
- user-full-name "Leon Schwarzäugl")
+ (setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL")
+ user-full-name (getenv "SWARSEL_FULLNAME"))
-
- (setq mu4e-user-mail-address-list '(leon.schwarzaeugl@gmail.com leon@swarsel.win nautilus.dw@gmail.com mrswarsel@gmail.com)))
+ ;; this does the equivalent of (setq mu4e-user-mail-address-list '(address1@about.com address2@about.com [...])))
+ (setq mu4e-user-mail-address-list
+ (mapcar #'intern (split-string (or (getenv "SWARSEL_MAIL_ALL") "") "[ ,]+" t)))
+ )
 (add-hook 'mu4e-compose-mode-hook #'swarsel/mu4e-send-from-correct-address)
diff --git a/flake.lock b/flake.lock
index 4548294..c672bac 100644
--- a/flake.lock
+++ b/flake.lock
@@ -823,10 +823,10 @@
 "nix-secrets": {
 "flake": false,
 "locked": {
- "lastModified": 1742580675,
- "narHash": "sha256-f96bJitJyayT7gDDNJu6AAGYvRkFXMqAaoRdcHLHyAM=",
+ "lastModified": 1742594924,
+ "narHash": "sha256-3oLkbjXbOv6Xq3+LJsasyJq4jBS0VkwKsbVdTB8MGJM=",
 "ref": "main",
- "rev": "441b5342995cabd6ef65fa4bffef973cab0ffdce",
+ "rev": "4ecfe7a80064e0595f386a203ba179c1a3c8bca3",
 "shallow": true,
 "type": "git",
 "url": "ssh://git@github.com/Swarsel/nix-secrets.git"
diff --git a/hosts/darwin/nbm-imba-166/default.nix b/hosts/darwin/nbm-imba-166/default.nix
index c5b5970..4b96339 100644
--- a/hosts/darwin/nbm-imba-166/default.nix
+++ b/hosts/darwin/nbm-imba-166/default.nix
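Review bot: `(mapcar #'intern ...)` converts the parsed addresses into symbols to mirror the old unquoted list, but as far as I recall `mu4e-user-mail-address-list` is documented as a list of address strings and mu4e matches them with string functions, so if the old symbol list only worked by accident the `intern` step carries that accident forward; `(split-string (or (getenv "SWARSEL_MAIL_ALL") "") "[ ,]+" t)` on its own yields the strings. If symbols are intentional, the new comment should say so, since right now it only restates the shape of the old literal. The separator regexp also means the `mail/list` secret must be space- or comma-separated with no other delimiters, which belongs in that comment too. The same lines are in the second programs/emacs/init.el hunk.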
@@ -1,12 +1,16 @@
-{ lib, ... }:
+{ lib, inputs, ... }:
+let
+ secretsDirectory = builtins.toString inputs.nix-secrets;
+ workUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/work-user";
+in
 {
 # Auto upgrade nix package and the daemon service.
 services.nix-daemon.enable = true;
 services.karabiner-elements.enable = true;
- home-manager.users."leon.schwarzaeugl".home = {
- username = lib.mkForce "leon.schwarzaeugl";
+ home-manager.users.workUser.home = {
+ username = lib.mkForce workUser;
 swarselsystems = {
 isDarwin = true;
 isLaptop = true;
diff --git a/hosts/nixos/nbl-imba-2/default.nix b/hosts/nixos/nbl-imba-2/default.nix
index f7463f9..942d003 100644
--- a/hosts/nixos/nbl-imba-2/default.nix
+++ b/hosts/nixos/nbl-imba-2/default.nix
@@ -79,8 +79,8 @@ in
 };
 networking = {
- hostName = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-hostname");
- fqdn = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-fqdn");
+ hostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
+ fqdn = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-fqdn";
 firewall.enable = true;
 };
diff --git a/hosts/nixos/toto/default.nix b/hosts/nixos/toto/default.nix
index b2525c8..5bb96bb 100644
--- a/hosts/nixos/toto/default.nix
+++ b/hosts/nixos/toto/default.nix
@@ -15,6 +15,7 @@ in
 "${profilesPath}/nixos/optional/autologin.nix"
 "${profilesPath}/nixos/common/settings.nix"
 "${profilesPath}/nixos/common/home-manager.nix"
+ "${profilesPath}/nixos/common/home-manager-extra.nix"
 "${profilesPath}/nixos/common/xserver.nix"
 "${profilesPath}/nixos/common/users.nix"
 "${profilesPath}/nixos/common/impermanence.nix"
diff --git a/lib/default.nix b/lib/default.nix
index 8410cdc..2655819 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -22,6 +22,8 @@
 }
 );
+ getSecret = filename: lib.strings.trim (builtins.readFile "$(unknown)");
+
 forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system});
 mkFullHost = host: type: {
diff --git a/profiles/home/common/env.nix b/profiles/home/common/env.nix
index 6951e5b..860e3a0 100644
--- a/profiles/home/common/env.nix
+++ b/profiles/home/common/env.nix
@@ -1,9 +1,25 @@
-{ config, ... }:
+{ lib, config, nix-secrets, ... }:
+let
+ secretsDirectory = builtins.toString nix-secrets;
+ leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
+ nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
+ mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
+ swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
+ fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
+ allMailAddresses = lib.swarselsystems.getSecret "${secretsDirectory}/mail/list";
+in
 {
 home.sessionVariables = {
 EDITOR = "e -w";
 DISPLAY = ":0";
 SWARSEL_LO_RES = config.swarselsystems.lowResolution;
 SWARSEL_HI_RES = config.swarselsystems.highResolution;
+ SWARSEL_LEON_MAIL = leonMail;
+ SWARSEL_NAUTILUS_MAIL = nautilusMail;
+ SWARSEL_MRSWARSEL_MAIL = mrswarselMail;
+ SWARSEL_SWARSEL_MAIL = swarselMail;
+ SWARSEL_FULLNAME = fullName;
+ SWARSEL_MAIL_ALL = allMailAddresses;
+
 };
 }
diff --git a/profiles/home/common/gammastep.nix b/profiles/home/common/gammastep.nix
index 862b238..55bf1bf 100644
--- a/profiles/home/common/gammastep.nix
+++ b/profiles/home/common/gammastep.nix
@@ -1,12 +1,12 @@
-{ config, lib, nix-secrets, ... }:
+{ lib, nix-secrets, ... }:
 let
 secretsDirectory = builtins.toString nix-secrets;
 in
 {
- services.gammastep = lib.mkIf (!config.swarselsystems.isPublic) {
+ services.gammastep = {
 enable = true;
 provider = "manual";
- latitude = lib.strings.trim (builtins.readFile "${secretsDirectory}/home/gammastep-latitude");
- longitude = lib.strings.trim (builtins.readFile "${secretsDirectory}/home/gammastep-longitude");
+ latitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-latitude";
+ longitude = lib.swarselsystems.getSecret "${secretsDirectory}/home/gammastep-longitude";
 };
 }
diff --git a/profiles/home/common/git.nix b/profiles/home/common/git.nix
index 3334f80..793158e 100644
--- a/profiles/home/common/git.nix
+++ b/profiles/home/common/git.nix
@@ -1,4 +1,9 @@
-{ lib, ... }:
+{ lib, nix-secrets, ... }:
+let
+ secretsDirectory = builtins.toString nix-secrets;
+ leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
+ fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
+in
 {
 programs.git = {
 enable = true;
@@ -19,8 +24,8 @@
 key = "0x76FD3810215AE097";
 signByDefault = true;
 };
- userEmail = lib.mkDefault "leon.schwarzaeugl@gmail.com";
- userName = "Leon Schwarzäugl";
+ userEmail = lib.mkDefault leonMail;
+ userName = fullName;
 difftastic.enable = true;
 lfs.enable = true;
 includes = [
diff --git a/profiles/home/common/mail.nix b/profiles/home/common/mail.nix
index 002b1a2..e02d484 100644
--- a/profiles/home/common/mail.nix
+++ b/profiles/home/common/mail.nix
@@ -1,32 +1,40 @@
-{ lib, config, ... }:
+{ lib, config, nix-secrets, ... }:
+let
+ secretsDirectory = builtins.toString nix-secrets;
+ leonMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/leon";
+ nautilusMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/nautilus";
+ mrswarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/mrswarsel";
+ swarselMail = lib.swarselsystems.getSecret "${secretsDirectory}/mail/swarsel";
+ fullName = lib.swarselsystems.getSecret "${secretsDirectory}/info/fullname";
+in
 {
 programs = {
- mbsync = lib.mkIf (!config.swarselsystems.isPublic) {
+ mbsync = {
 enable = true;
 };
- msmtp = lib.mkIf (!config.swarselsystems.isPublic) {
+ msmtp = {
 enable = true;
 };
- mu = lib.mkIf (!config.swarselsystems.isPublic) {
+ mu = {
 enable = true;
 };
 };
- services.mbsync = lib.mkIf (!config.swarselsystems.isPublic) {
+ services.mbsync = {
 enable = true;
 };
 # this is needed so that mbsync can use the passwords from sops
- systemd.user.services.mbsync.Unit.After = lib.mkIf (!config.swarselsystems.isPublic) [ "sops-nix.service" ];
+ systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
 accounts = {
- email = lib.mkIf (!config.swarselsystems.isPublic) {
+ email = {
 maildirBasePath = "Mail";
 accounts = {
 leon = {
 primary = true;
- address = "leon.schwarzaeugl@gmail.com";
- userName = "leon.schwarzaeugl@gmail.com";
- realName = "Leon Schwarzäugl";
+ address = leonMail;
+ userName = leonMail;
+ realName = fullName;
 passwordCommand = "cat ${config.sops.secrets.leon.path}";
 gpg = {
 key = "0x76FD3810215AE097";
@@ -55,10 +63,10 @@
 };
 };
- swarsel = lib.mkIf (!config.swarselsystems.isPublic) {
- address = "leon@swarsel.win";
+ swarsel = {
+ address = swarselMail;
 userName = "8227dc594dd515ce232eda1471cb9a19";
- realName = "Leon Schwarzäugl";
+ realName = fullName;
 passwordCommand = "cat ${config.sops.secrets.swarselmail.path}";
 smtp = {
 host = "in-v3.mailjet.com";
@@ -77,10 +85,10 @@
 };
 };
- nautilus = lib.mkIf (!config.swarselsystems.isPublic) {
+ nautilus = {
 primary = false;
- address = "nautilus.dw@gmail.com";
- userName = "nautilus.dw@gmail.com";
+ address = nautilusMail;
+ userName = nautilusMail;
 realName = "Nautilus";
 passwordCommand = "cat ${config.sops.secrets.nautilus.path}";
 imap.host = "imap.gmail.com";
@@ -104,10 +112,10 @@
 };
 };
- mrswarsel = lib.mkIf (!config.swarselsystems.isPublic) {
+ mrswarsel = {
 primary = false;
- address = "mrswarsel@gmail.com";
- userName = "mrswarsel@gmail.com";
+ address = mrswarselMail;
+ userName = mrswarselMail;
 realName = "Swarsel";
 passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}";
 imap.host = "imap.gmail.com";
diff --git a/profiles/home/optional/work.nix b/profiles/home/optional/work.nix
index 1950795..823189a 100644
--- a/profiles/home/optional/work.nix
+++ b/profiles/home/optional/work.nix
@@ -1,9 +1,9 @@
 { self, config, pkgs, lib, nix-secrets, ... }:
 let
 secretsDirectory = builtins.toString nix-secrets;
- dcUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/dc-user");
- clUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cl-user");
- wsUser = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/ws-user");
+ dcUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/dc-user";
+ clUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/cl-user";
+ wsUser = lib.swarselsystems.getSecret "${secretsDirectory}/work/ws-user";
 in
 {
 home.packages = with pkgs; [
@@ -46,7 +46,7 @@ in
 ];
 programs = {
- git.userEmail = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/git-email");
+ git.userEmail = lib.swarselsystems.getSecret "${secretsDirectory}/work/git-email";
 zsh = {
 shellAliases = {
@@ -69,31 +69,31 @@ in
 ssh = {
 matchBlocks = {
 "uc" = {
- hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-prod");
+ hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-prod";
 user = "stack";
 };
 "uc.stg" = {
- hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-stg");
+ hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg";
 user = "stack";
 };
 "uc.staging" = {
- hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-stg");
+ hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-stg";
 user = "stack";
 };
 "uc.dev" = {
- hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/uc-dev");
+ hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/uc-dev";
 user = "stack";
 };
 "cbe" = {
- hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-prod");
+ hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-prod";
 user = dcUser;
 };
 "cbe.stg" = {
- hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-stg");
+ hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
 user = dcUser;
 };
 "cbe.staging" = {
- hostname = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/cbe-stg");
+ hostname = lib.swarselsystems.getSecret "${secretsDirectory}/work/cbe-stg";
 user = dcUser;
 };
 "*.vbc.ac.at" = {
diff --git a/profiles/nixos/common/home-manager-extra.nix b/profiles/nixos/common/home-manager-extra.nix
new file mode 100644
index 0000000..84a5317
--- /dev/null
+++ b/profiles/nixos/common/home-manager-extra.nix
@@ -0,0 +1,6 @@
+{ inputs, config, lib, ... }:
+{
+ home-manager = lib.mkIf config.swarselsystems.withHomeManager {
+ extraSpecialArgs = { inherit (inputs) nix-secrets; };
+ };
+}
diff --git a/profiles/nixos/common/home-manager.nix b/profiles/nixos/common/home-manager.nix
index 89400a4..e8ebd6c 100644
--- a/profiles/nixos/common/home-manager.nix
+++ b/profiles/nixos/common/home-manager.nix
@@ -3,6 +3,6 @@
 home-manager = lib.mkIf config.swarselsystems.withHomeManager {
 useGlobalPkgs = true;
 useUserPackages = true;
- extraSpecialArgs = { inherit (inputs) self nix-secrets; };
+ extraSpecialArgs = { inherit (inputs) self; };
 };
 }
diff --git a/profiles/nixos/server/default.nix b/profiles/nixos/server/default.nix
index eabc687..3bdf181 100644
--- a/profiles/nixos/server/default.nix
+++ b/profiles/nixos/server/default.nix
@@ -7,6 +7,7 @@ in
 imports = lib.swarselsystems.mkImports importNames "profiles/nixos/server" ++ [
 "${profilesPath}/nixos/common/settings.nix"
 "${profilesPath}/nixos/common/home-manager.nix"
+ "${profilesPath}/nixos/common/home-manager-extra.nix"
 "${profilesPath}/nixos/common/xserver.nix"
 "${profilesPath}/nixos/common/gc.nix"
 "${profilesPath}/nixos/common/store.nix"
diff --git a/profiles/nixos/server/navidrome.nix b/profiles/nixos/server/navidrome.nix
index be4e43b..e32c59b 100644
--- a/profiles/nixos/server/navidrome.nix
+++ b/profiles/nixos/server/navidrome.nix
@@ -59,10 +59,10 @@ in
 };
 # Switch using --impure as these credential files are not stored within the flake
 # sops-nix is not supported for these which is why we need to resort to these
- LastFM.ApiKey = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/lastfm-secret");
- LastFM.Secret = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/lastfm-key");
- Spotify.ID = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/spotify-id");
- Spotify.Secret = lib.strings.trim (builtins.readFile "${secretsDirectory}/navidrome/spotify-secret");
+ LastFM.ApiKey = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-secret";
+ LastFM.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/lastfm-key";
+ Spotify.ID = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-id";
+ Spotify.Secret = lib.swarselsystems.getSecret "${secretsDirectory}/navidrome/spotify-secret";
 UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
 UIWelcomeMessage = "~SwarselSound~";
 };
diff --git a/profiles/nixos/server/syncthing.nix b/profiles/nixos/server/syncthing.nix
index b5c551f..b87dcab 100644
--- a/profiles/nixos/server/syncthing.nix
+++ b/profiles/nixos/server/syncthing.nix
@@ -1,7 +1,7 @@
 { lib, config, inputs, ... }:
 let
 secretsDirectory = builtins.toString inputs.nix-secrets;
- workHostName = lib.strings.trim (builtins.readFile "${secretsDirectory}/work/worklaptop-hostname");
+ workHostName = lib.swarselsystems.getSecret "${secretsDirectory}/work/worklaptop-hostname";
 in
 {
 config = lib.mkIf config.swarselsystems.server.syncthing {
diff --git a/programs/emacs/init.el b/programs/emacs/init.el
index 2ff1d74..8bdef99 100644
--- a/programs/emacs/init.el
+++ b/programs/emacs/init.el
@@ -34,8 +34,8 @@
 (insert (format "%s <%s>" (or from-user user-full-name) from-addr)))))))
 (defun swarsel/mu4e-restore-default ()
- (setq user-mail-address "leon@swarsel.win"
- user-full-name "Leon Schwarzäugl"))
+ (setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL")
+ user-full-name (getenv "SWARSEL_FULLNAME")))
 (defun swarsel/with-buffer-name-prompt-and-make-subdirs ()
 (let ((parent-directory (file-name-directory buffer-file-name)))
@@ -1501,11 +1501,13 @@ create a new one."
 (:maildir "/Drafts" :key ?d)
 (:maildir "/All Mail" :key ?a)))
- (setq user-mail-address "leon@swarsel.win"
- user-full-name "Leon Schwarzäugl")
+ (setq user-mail-address (getenv "SWARSEL_SWARSEL_MAIL")
+ user-full-name (getenv "SWARSEL_FULLNAME"))
-
- (setq mu4e-user-mail-address-list '(leon.schwarzaeugl@gmail.com leon@swarsel.win nautilus.dw@gmail.com mrswarsel@gmail.com)))
+ ;; this does the equivalent of (setq mu4e-user-mail-address-list '(address1@about.com address2@about.com [...])))
+ (setq mu4e-user-mail-address-list
+ (mapcar #'intern (split-string (or (getenv "SWARSEL_MAIL_ALL") "") "[ ,]+" t)))
+ )
 (add-hook 'mu4e-compose-mode-hook #'swarsel/mu4e-send-from-correct-address)
diff --git a/scripts/swarsel-install.sh b/scripts/swarsel-install.sh
index c1f5769..38f5e34 100644
--- a/scripts/swarsel-install.sh
+++ b/scripts/swarsel-install.sh
@@ -123,7 +123,12 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
 yellow "The ssh key for this configuration is not available."
 green "Adjusting flake.nix so that the configuration is buildable"
 sed -i '/nix-secrets = {/,/^[[:space:]]*};/d' flake.nix
- git add flake.nix
+ rm profiles/home/common/env.nix
+ rm profiles/home/common/gammastep.nix
+ rm profiles/home/common/git.nix
+ rm profiles/home/common/mail.nix
+ rm profiles/nixos/common/home-manager-extra.nix
+ git add .
 else
 green "Valid SSH key found! Continuing with installation"
 fi