feat: isPublic flag

2025-12-06 00:57:22 +01:00 · 2024-12-18 12:25:04 +01:00 · 2024-12-18 12:25:04 +01:00 · 871cbeb671
commit 871cbeb671
parent f6226b2605
9 changed files with 36 additions and 38 deletions
--- a/profiles/common/home/emacs.nix
+++ b/profiles/common/home/emacs.nix
@ -1,8 +1,8 @@
-{ self, config, pkgs, ... }:
+{ self, lib, config, pkgs, ... }:
 {

  # needed for elfeed
-  sops.secrets.fever = { path = "${config.home.homeDirectory}/.emacs.d/.fever"; };
+  sops.secrets.fever = lib.mkIf (!config.swarselsystems.isPublic) { path = "${config.home.homeDirectory}/.emacs.d/.fever"; };

  # enable emacs overlay for bleeding edge features
  # also read init.el file and install use-package packages
--- a/profiles/common/home/mail.nix
+++ b/profiles/common/home/mail.nix
@ -1,23 +1,23 @@
-{ config, ... }:
+{ lib, config, ... }:
 {
-  programs.mbsync = {
+  programs.mbsync = lib.mkIf (!config.swarselsystems.isPublic) {
    enable = true;
  };
-  services.mbsync = {
+  services.mbsync = lib.mkIf (!config.swarselsystems.isPublic) {
    enable = true;
  };
  # this is needed so that mbsync can use the passwords from sops
-  systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ];
+  systemd.user.services.mbsync.Unit.After = lib.mkIf (!config.swarselsystems.isPublic) [ "sops-nix.service" ];

-  programs.msmtp = {
+  programs.msmtp = lib.mkIf (!config.swarselsystems.isPublic) {
    enable = true;
  };

-  programs.mu = {
+  programs.mu = lib.mkIf (!config.swarselsystems.isPublic) {
    enable = true;
  };

-  accounts.email = {
+  accounts.email = lib.mkIf (!config.swarselsystems.isPublic) {
    maildirBasePath = "Mail";
    accounts.leon = {
      primary = true;
@ -25,7 +25,6 @@
      userName = "leon.schwarzaeugl@gmail.com";
      realName = "Leon Schwarzäugl";
      passwordCommand = "cat ${config.sops.secrets.leon.path}";
-      # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/leon.schwarzaeugl@gmail.com.gpg";
      gpg = {
        key = "0x76FD3810215AE097";
        signByDefault = true;
@ -53,7 +52,7 @@
      };
    };

-    accounts.swarsel = {
+    accounts.swarsel = lib.mkIf (!config.swarselsystems.isPublic) {
      address = "leon@swarsel.win";
      userName = "8227dc594dd515ce232eda1471cb9a19";
      realName = "Leon Schwarzäugl";
@ -75,13 +74,12 @@
      };
    };

-    accounts.nautilus = {
+    accounts.nautilus = lib.mkIf (!config.swarselsystems.isPublic) {
      primary = false;
      address = "nautilus.dw@gmail.com";
      userName = "nautilus.dw@gmail.com";
      realName = "Nautilus";
      passwordCommand = "cat ${config.sops.secrets.nautilus.path}";
-      # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/nautilus.dw@gmail.com.gpg";
      imap.host = "imap.gmail.com";
      smtp.host = "smtp.gmail.com";
      msmtp.enable = true;
@ -102,12 +100,11 @@
        };
      };
    };
-    accounts.mrswarsel = {
+    accounts.mrswarsel = lib.mkIf (!config.swarselsystems.isPublic) {
      primary = false;
      address = "mrswarsel@gmail.com";
      userName = "mrswarsel@gmail.com";
      realName = "Swarsel";
-      # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/mrswarsel@gmail.com.gpg";
      passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}";
      imap.host = "imap.gmail.com";
      smtp.host = "smtp.gmail.com";
--- a/profiles/common/home/sops.nix
+++ b/profiles/common/home/sops.nix
@ -6,7 +6,7 @@ let
  ];
 in
 {
-  sops = {
+  sops = lib.mkIf (!config.swarselsystems.isPublic) {
    age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" "${config.home.homeDirectory}/.ssh/ssh_host_ed25519_key" ];
    defaultSopsFile = mkIfElse config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";

--- a/profiles/common/nixos/network.nix
+++ b/profiles/common/nixos/network.nix
@ -17,7 +17,7 @@

    networkmanager = {
      enable = true;
-      ensureProfiles = {
+      ensureProfiles = lib.mkIf (!config.swarselsystems.isPublic) {
        environmentFiles = [
          "${config.sops.templates."network-manager.env".path}"
        ];
--- a/profiles/common/nixos/sops.nix
+++ b/profiles/common/nixos/sops.nix
@ -6,7 +6,7 @@ let
  ];
 in
 {
-  sops = {
+  sops = lib.mkIf (!config.swarselsystems.isPublic) {

    age.sshKeyPaths = mkIfElse config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" ] [ "${config.users.users.swarsel.home}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
    defaultSopsFile = mkIfElse config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
--- a/profiles/common/nixos/users.nix
+++ b/profiles/common/nixos/users.nix
@ -1,6 +1,6 @@
 { pkgs, config, lib, ... }:
 {
-  sops.secrets.swarseluser = { neededForUsers = true; };
+  sops.secrets.swarseluser = lib.mkIf (!config.swarselsystems.isPublic) { neededForUsers = true; };

  users = {
    mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false;