ephase/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: ephase:99952316127ffcef4810864dd607862a1d0cc972
Branches Tags
ephase:main
ephase:chore/upgrade
..
compare: ephase:6e9ef448dbd75d222e2da6267b5d045a016153d0
Branches Tags
ephase:main
ephase:chore/upgrade

No commits in common. "99952316127ffcef4810864dd607862a1d0cc972" and "6e9ef448dbd75d222e2da6267b5d045a016153d0" have entirely different histories.
9995231612 ... 6e9ef448db

3 changed files with 103 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

14
.sops.yaml Normal file
View file

@ -0,0 +1,14 @@
# This example uses YAML anchors which allows reuse of multiple keys
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.
keys:
- &ephase 26D5035DF6B4BE70F2B51B4C178139E02D2ACF00
- &luci age19kvatn3zpeqh9zy7u8ce0hqe7dyaesxrukewxt8u7pf4cqkj5dfqm5nlwy
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *luci
pgp:
- *ephase

64
modules/home-manager/accounts/dav/default.nix
View file

@ -1,23 +1,36 @@
{ lib, config, inputs, pkgs, ... }: { lib, config, ... }:
with lib; with lib;
let let
cfg = config.modules.dav; cfg = config.modules.accounts.dav;
secretsDirectory = "${(builtins.toString inputs.nix-private)}/secrets";
vdirsyncerConf = { vdirsyncerConf = {
enable = true; enable = true;
auth = "basic"; auth = "basic";
userNameCommand = [
"cat"
"${config.sops.secrets."webdav/username".path}"
];
}; };
in in
{ {
options.modules.dav = { options.modules.accounts.dav = {
enable = mkEnableOption "enable personal Caldav / CardDav"; enable = mkEnableOption "enable personal Caldav / CardDav";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
## Manage secrets used in this module
sops = { sops = {
secrets = { secrets = {
"${inputs.nix-private.dav.personal.secret.key}" = { "webdav/url/caldav" = {
sopsFile = "${secretsDirectory}/${inputs.nix-private.dav.personal.secret.file}"; sopsFile = ../../../../secrets/accounts.yaml;
};
"webdav/url/carddav" = {
sopsFile = ../../../../secrets/accounts.yaml;
};
"webdav/username" = {
sopsFile = ../../../../secrets/accounts.yaml;
};
"webdav/password" = {
sopsFile = ../../../../secrets/accounts.yaml;
}; };
}; };
}; };
@ -25,15 +38,11 @@ in
accounts.calendar.basePath = ".local/share/calendars"; accounts.calendar.basePath = ".local/share/calendars";
accounts.calendar.accounts.personal_calendars = { accounts.calendar.accounts.personal_calendars = {
name = "personal_calendar"; name = "personal_calendar";
remote = { remote.type = "caldav";
type = "caldav"; remote.passwordCommand = [
url = inputs.nix-private.dav.personal.caldavUrl; "cat"
userName = inputs.nix-private.dav.personal.userName; "${config.sops.secrets."webdav/password".path}"
passwordCommand = [
"${pkgs.coreutils}/bin/cat"
"${config.sops.secrets."${inputs.nix-private.dav.personal.secret.key}".path}"
]; ];
};
vdirsyncer = vdirsyncerConf // { vdirsyncer = vdirsyncerConf // {
metadata = [ metadata = [
"color" "color"
@ -43,6 +52,10 @@ in
"VTODO" "VTODO"
"VEVENT" "VEVENT"
]; ];
urlCommand = [
"cat"
"${config.sops.secrets."webdav/url/caldav".path}"
];
collections = [ collections = [
"from a" "from a"
"from b" "from b"
@ -57,23 +70,22 @@ in
accounts.contact.basePath = ".local/share/contacts"; accounts.contact.basePath = ".local/share/contacts";
accounts.contact.accounts.personal_contacts = { accounts.contact.accounts.personal_contacts = {
remote = { remote.type = "carddav";
type = "carddav"; remote.passwordCommand = [
url = inputs.nix-private.dav.personal.carddavUrl; "cat"
userName = inputs.nix-private.dav.personal.userName; "${config.sops.secrets."webdav/password".path}"
passwordCommand = [
"${pkgs.coreutils}/bin/cat"
"${config.sops.secrets."${inputs.nix-private.dav.personal.secret.key}".path}"
]; ];
}; local.type = "filesystem";
local = { local.fileExt = ".vcf";
type = "filesystem";
fileExt = ".vcf";
};
vdirsyncer = vdirsyncerConf // { vdirsyncer = vdirsyncerConf // {
metadata = [ metadata = [
"displayname" "displayname"
]; ];
urlCommand = [
"cat"
"${config.sops.secrets."webdav/url/carddav".path}"
];
}; };
khal = { khal = {
enable = true; enable = true;

46
secrets/accounts.yaml Normal file
View file

@ -0,0 +1,46 @@
webdav:
url:
caldav: ENC[AES256_GCM,data:UMoSLlEhxtJ/80wIQlGaqfu/OI4JXodSLYySwAyJJg==,iv:WTGZ8mq3huVEPMNOBDGdghy994Z5vCzvVDMvp5djnlw=,tag:s34QZVjqvNiQT/P9SVCeUw==,type:str]
carddav: ENC[AES256_GCM,data:oGLZ4c02b4wiYCqhyQzC1NG210BUpSpSqibi7xvtIjHhW/X4wvYU5QPm2VKCrJYpvqIEeiah1TDwvByqLpBz5d8Ucyme,iv:cwaWTvdS5eEGmwm5+n2N31ajzAXPix4woXECUqXtk3E=,tag:jRK3viRDzwd5JmNh6UVt2A==,type:str]
username: ENC[AES256_GCM,data:Z/QVE3Di,iv:pRBgv/K+VzbF5/iaftTDoxZWjvVztPznLJ5LKpKQaoM=,tag:rCw9mLFtzhpp5vO5eVKqvA==,type:str]
password: ENC[AES256_GCM,data:X7hjL2VczjPGKF4n2g==,iv:BwqXZ3h+EIHU+Cvx8gDYhgd2NiBkednUz+ksp40sYas=,tag:ngbtcYsfOxvTTcftBE+lMg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19kvatn3zpeqh9zy7u8ce0hqe7dyaesxrukewxt8u7pf4cqkj5dfqm5nlwy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRk1KamJ3clA4QTBZT3BL
blZGaVNQb2tWMTkrWUxicm9PdXV6RTJJbXh3ClJJQTJON3BBRGJ4RWg1UnRQNVoy
bFllM0E1djlOUTVRQ1lZc1JEQS9YNXcKLS0tIEhac3FpUVd6TW9pbUMyNlAzbk5P
dGZkOExNbTRuS0NvaDgzUmlFRVNvckEK7PSVxtaDd/3yWIIuAMcX586imRu/On09
duwFZ5btOY2fxNYgV9sCG7Vr+OGCO8n9OWBS9hLy7MJwAzi/f5l7Fg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-20T16:25:53Z"
mac: ENC[AES256_GCM,data:4vNjXD26LeHv00B4gDumkUzq7Us9HRWv79Wq3iyTeDjKOXw9lluIQIZsDB1aQS90dTNCEvlbZ6pt1oHRqGySpDcKHId6rsUy9qkeLl683haKKilT47ABpGiMd2sY6xL1FQPiXMH4qc7wxh+EuS0N6Y+mgIY9Kn0qP6ion1s/lqs=,iv:JZ5lnJKBXQeKadihHyItueHDO6zULVMLSPmGCe+Qlz4=,tag:+bh08XI2TWov6yQJ1+KtoA==,type:str]
pgp:
- created_at: "2024-06-24T20:12:19Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA9/d8qUtz+3ZAQ/7BoojnrnGgF4TEnFTJMWVy229Cx1knABVot45A1frFWmS
kwIGPGQPlCjGF4tyIOmBy8WpQWBuKffYakCC/OklHCyfnLjsyhcR+MSqDVzqMmy3
dEThTcGPRCerM1Mu8oWPk0yq5AKzuJagr9+4ITrljsh6tRwA4qmfKxQ6BZhGPQHJ
3FZwcQHfaDkuag3o5swNKHX//MIZwEDyXJHKgeTUPhENzc0POdjPU5CZN0HBU4ep
98PJAlAiDKyYSQkg1MfOWvCllyfvhGPzTLEPq5jazqpc7lgNKxJGU5kTnUUi2fKS
gCJdqRlMBO/3S8wUZg0gIsw1+OwmfL0y99MeMP1ggGaqFkGs6Pqj7sRd6/QcuP0l
w2QZgB9S6DOUkfy5m5Xw7VboE2aAX4BOrWNJVDy//358322xxuqZdbp3pIjnsmt/
b2gTZb1eGK/o5GmXfgzCf7In1b3wldg/ZSHyxGct1CJIgNBb1nFDMmyVI9J5zER0
2ZTflNfN/cxttW2BvGRoL3fWXnO+ThLHz1q1WWWCOC7TLTnESOtAueSCTlrMcij/
7zL7Wc98JgdAuxhznMjiYqY9nZK48jhBCBOdC0uool/FNElcStUaOq1O3HRo5qoi
s277Wqtp0uZqeLBxgNEGwicEDm9BbrVzH9egYGMaPJI6STIJYduJXBegnPf5KFXS
XgHTJyK7u9MrZ58kkiT95455NEqQd27JMqmsGwReX6/LpYs5KJJGT4qGNab8GM5A
VMniFb1GOXIOxSbYgfkgaHc+zK43O5UwBwegOneTC6ak/CQYvD9xQS94FKqwF10=
=7pZ/
-----END PGP MESSAGE-----
fp: 26D5035DF6B4BE70F2B51B4C178139E02D2ACF00
unencrypted_suffix: _unencrypted
version: 3.8.1