{ pkgs, config, lib, ... }:
with lib;
with types;
let
# Build an option holding a single secret string, or null when no secret
# is available. Not referenced by any other line of this file as shown.
secret = description:
  lib.mkOption {
    type = lib.types.nullOr lib.types.str;
    inherit description;
  };
# Build a credentials option for `service`: either null (no credentials
# configured) or a submodule with `user` and `password` strings.
# `extra` is an attribute set of further option declarations; it is merged
# over the two base options with `//`, so a `user` or `password` key in
# `extra` replaces the declaration given here.
#
# NOTE(review): `password` is an ordinary string option. Any consumer that
# interpolates it into a derivation or generated config file puts the value
# in the Nix store -- confirm consumers hand it over at runtime instead.
mkCredOption = service: extra:
  let
    baseOptions = {
      user = mkOption {
        description = "Username for ${service}";
        type = str;
      };
      password = mkOption {
        description = "Password for ${service}";
        type = str;
      };
    };
  in mkOption {
    type = nullOr (submodule { options = baseOptions // extra; });
    description = "Credentials for ${service}";
  };
in rec {
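# Declarations of every secret this configuration knows about. Each entry
# must accept null: when secret.nix is locked, the `config` section below
# assigns null to every attribute declared here.
options.secrets = {
  wireguard = mkOption {
    description = "Wireguard conf";
    # Was a bare `attrs`, which rejects the null assigned by the locked
    # fallback as soon as the value is read; `nullOr` makes the locked
    # build evaluate the same way the credential options already do.
    type = nullOr attrs;
  };
  # Credential options are nullOr submodules (see mkCredOption).
  windows-samba = mkCredOption "samba on windows" { };
  linux-samba = mkCredOption "samba on linux" { };
  spotify = mkCredOption "Spotify" { };
};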
# Populate `config.secrets` from ../secret.nix when that file is readable
# as text, and fall back to null for every declared secret otherwise.
config = let
  # Evaluated lazily: only forced once `unlocked` is true, so a locked
  # (non-text) secret.nix is never parsed as Nix.
  secretnix = import ../secret.nix;

  # Import-from-derivation probe. The build runs `grep -qI .` on the file;
  # `-I` makes grep treat binary data as non-matching, so the exit status
  # written to $out is 0 only for a text file. The result is then imported
  # as a Nix integer and compared with 0.
  # NOTE(review): presumably secret.nix is encrypted at rest and appears as
  # binary while locked -- confirm which tool produces that state.
  #
  # SECURITY: interpolating the path copies secret.nix into the Nix store as
  # a build input. When the file is unlocked that copy is plaintext, and the
  # store is world-readable on a default installation. Restrict who can read
  # the store on this machine, or move the probe to something that does not
  # interpolate the path.
  unlocked = import (pkgs.runCommand "check-secret" { }
    "set +e; grep -qI . ${../secret.nix}; echo $? > $out") == 0;

  # `options` here is the attribute of the enclosing `rec` set, not
  # `lib.options`: lexical bindings take precedence over `with lib;`.
  secrets =
    if unlocked && secretnix != null then
      secretnix
    else
      builtins.trace "secret.nix locked, building without any secrets"
        (mapAttrs (_name: _option: null) options.secrets);
in { inherit secrets; };
}