ephase/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat(dav): use pricate input to handle secrets

Browse source
This commit is contained in:
Yorick Barbanneau 2025-08-12 03:14:55 +02:00
parent 6e9ef448db
commit 5addb3821d
No known key found for this signature in database
GPG key ID: 246042E52B41FFCF
1 changed files with 31 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

64
modules/home-manager/accounts/dav/default.nix
View file

@ -1,36 +1,23 @@
{ lib, config, ... }: { lib, config, inputs, pkgs, ... }:
with lib; with lib;
let let
cfg = config.modules.accounts.dav; cfg = config.modules.dav;
secretsDirectory = "${(builtins.toString inputs.nix-private)}/secrets";
vdirsyncerConf = { vdirsyncerConf = {
enable = true; enable = true;
auth = "basic"; auth = "basic";
userNameCommand = [
"cat"
"${config.sops.secrets."webdav/username".path}"
];
}; };
in in
{ {
options.modules.accounts.dav = { options.modules.dav = {
enable = mkEnableOption "enable personal Caldav / CardDav"; enable = mkEnableOption "enable personal Caldav / CardDav";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
## Manage secrets used in this module
sops = { sops = {
secrets = { secrets = {
"webdav/url/caldav" = { "${inputs.nix-private.dav.personal.secret.key}" = {
sopsFile = ../../../../secrets/accounts.yaml; sopsFile = "${secretsDirectory}/${inputs.nix-private.dav.personal.secret.file}";
};
"webdav/url/carddav" = {
sopsFile = ../../../../secrets/accounts.yaml;
};
"webdav/username" = {
sopsFile = ../../../../secrets/accounts.yaml;
};
"webdav/password" = {
sopsFile = ../../../../secrets/accounts.yaml;
}; };
}; };
}; };
@ -38,11 +25,15 @@ in
accounts.calendar.basePath = ".local/share/calendars"; accounts.calendar.basePath = ".local/share/calendars";
accounts.calendar.accounts.personal_calendars = { accounts.calendar.accounts.personal_calendars = {
name = "personal_calendar"; name = "personal_calendar";
remote.type = "caldav"; remote = {
remote.passwordCommand = [ type = "caldav";
"cat" url = inputs.nix-private.dav.personal.caldavUrl;
"${config.sops.secrets."webdav/password".path}" userName = inputs.nix-private.dav.personal.userName;
passwordCommand = [
"${pkgs.coreutils}/bin/cat"
"${config.sops.secrets."${inputs.nix-private.dav.personal.secret.key}".path}"
]; ];
};
vdirsyncer = vdirsyncerConf // { vdirsyncer = vdirsyncerConf // {
metadata = [ metadata = [
"color" "color"
@ -52,10 +43,6 @@ in
"VTODO" "VTODO"
"VEVENT" "VEVENT"
]; ];
urlCommand = [
"cat"
"${config.sops.secrets."webdav/url/caldav".path}"
];
collections = [ collections = [
"from a" "from a"
"from b" "from b"
@ -70,22 +57,23 @@ in
accounts.contact.basePath = ".local/share/contacts"; accounts.contact.basePath = ".local/share/contacts";
accounts.contact.accounts.personal_contacts = { accounts.contact.accounts.personal_contacts = {
remote.type = "carddav"; remote = {
remote.passwordCommand = [ type = "carddav";
"cat" url = inputs.nix-private.dav.personal.carddavUrl;
"${config.sops.secrets."webdav/password".path}" userName = inputs.nix-private.dav.personal.userName;
passwordCommand = [
"${pkgs.coreutils}/bin/cat"
"${config.sops.secrets."${inputs.nix-private.dav.personal.secret.key}".path}"
]; ];
local.type = "filesystem"; };
local.fileExt = ".vcf"; local = {
type = "filesystem";
fileExt = ".vcf";
};
vdirsyncer = vdirsyncerConf // { vdirsyncer = vdirsyncerConf // {
metadata = [ metadata = [
"displayname" "displayname"
]; ];
urlCommand = [
"cat"
"${config.sops.secrets."webdav/url/carddav".path}"
];
}; };
khal = { khal = {
enable = true; enable = true;