feat(dav): use pricate input to handle secrets
This commit is contained in:
parent
6e9ef448db
commit
5addb3821d
1 changed files with 31 additions and 43 deletions
|
|
@ -1,36 +1,23 @@
|
|||
{ lib, config, ... }:
|
||||
{ lib, config, inputs, pkgs, ... }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.modules.accounts.dav;
|
||||
cfg = config.modules.dav;
|
||||
secretsDirectory = "${(builtins.toString inputs.nix-private)}/secrets";
|
||||
vdirsyncerConf = {
|
||||
enable = true;
|
||||
auth = "basic";
|
||||
userNameCommand = [
|
||||
"cat"
|
||||
"${config.sops.secrets."webdav/username".path}"
|
||||
];
|
||||
enable = true;
|
||||
auth = "basic";
|
||||
};
|
||||
in
|
||||
{
|
||||
options.modules.accounts.dav = {
|
||||
options.modules.dav = {
|
||||
enable = mkEnableOption "enable personal Caldav / CardDav";
|
||||
};
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
## Manage secrets used in this module
|
||||
|
||||
sops = {
|
||||
secrets = {
|
||||
"webdav/url/caldav" = {
|
||||
sopsFile = ../../../../secrets/accounts.yaml;
|
||||
};
|
||||
"webdav/url/carddav" = {
|
||||
sopsFile = ../../../../secrets/accounts.yaml;
|
||||
};
|
||||
"webdav/username" = {
|
||||
sopsFile = ../../../../secrets/accounts.yaml;
|
||||
};
|
||||
"webdav/password" = {
|
||||
sopsFile = ../../../../secrets/accounts.yaml;
|
||||
"${inputs.nix-private.dav.personal.secret.key}" = {
|
||||
sopsFile = "${secretsDirectory}/${inputs.nix-private.dav.personal.secret.file}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
@ -38,11 +25,15 @@ in
|
|||
accounts.calendar.basePath = ".local/share/calendars";
|
||||
accounts.calendar.accounts.personal_calendars = {
|
||||
name = "personal_calendar";
|
||||
remote.type = "caldav";
|
||||
remote.passwordCommand = [
|
||||
"cat"
|
||||
"${config.sops.secrets."webdav/password".path}"
|
||||
];
|
||||
remote = {
|
||||
type = "caldav";
|
||||
url = inputs.nix-private.dav.personal.caldavUrl;
|
||||
userName = inputs.nix-private.dav.personal.userName;
|
||||
passwordCommand = [
|
||||
"${pkgs.coreutils}/bin/cat"
|
||||
"${config.sops.secrets."${inputs.nix-private.dav.personal.secret.key}".path}"
|
||||
];
|
||||
};
|
||||
vdirsyncer = vdirsyncerConf // {
|
||||
metadata = [
|
||||
"color"
|
||||
|
|
@ -52,10 +43,6 @@ in
|
|||
"VTODO"
|
||||
"VEVENT"
|
||||
];
|
||||
urlCommand = [
|
||||
"cat"
|
||||
"${config.sops.secrets."webdav/url/caldav".path}"
|
||||
];
|
||||
collections = [
|
||||
"from a"
|
||||
"from b"
|
||||
|
|
@ -70,22 +57,23 @@ in
|
|||
|
||||
accounts.contact.basePath = ".local/share/contacts";
|
||||
accounts.contact.accounts.personal_contacts = {
|
||||
remote.type = "carddav";
|
||||
remote.passwordCommand = [
|
||||
"cat"
|
||||
"${config.sops.secrets."webdav/password".path}"
|
||||
];
|
||||
local.type = "filesystem";
|
||||
local.fileExt = ".vcf";
|
||||
remote = {
|
||||
type = "carddav";
|
||||
url = inputs.nix-private.dav.personal.carddavUrl;
|
||||
userName = inputs.nix-private.dav.personal.userName;
|
||||
passwordCommand = [
|
||||
"${pkgs.coreutils}/bin/cat"
|
||||
"${config.sops.secrets."${inputs.nix-private.dav.personal.secret.key}".path}"
|
||||
];
|
||||
};
|
||||
local = {
|
||||
type = "filesystem";
|
||||
fileExt = ".vcf";
|
||||
};
|
||||
vdirsyncer = vdirsyncerConf // {
|
||||
|
||||
metadata = [
|
||||
"displayname"
|
||||
];
|
||||
urlCommand = [
|
||||
"cat"
|
||||
"${config.sops.secrets."webdav/url/carddav".path}"
|
||||
];
|
||||
};
|
||||
khal = {
|
||||
enable = true;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue