Comments (2)
Probably something like
nixosConfigurations = {
# Main desktop
ryzennova =
let base = lib.nixosSystem {
modules = [ ./hosts/ryzennova ];
specialArgs = { inherit inputs outputs; };
};
in base.extendModules {
modules = [
scalpel.nixosModules.scalpel
<yourscalpelconfigfiles>
];
specialArgs = { prev = base; };
};
};
from scalpel.
Thank you the info! Sorry it took a bit for me to respond back, I was fighting with sops trying to get that part working again. So far I got it added like you showed, but now I'm really confused from reading the documentation for how to implement scalpel. I got a nix module I want to replace secrets that lie inside of it with scalpel. The module basically contains HomeManager configs for setting up mbsync and my email addresses for mu. It looks like the following below (I removed alot of the uncessary stuff as they aren't relavent to the question and it's just quite long).
sops.secrets = {
# Add addresses!
"uni-address" = {
format = "yaml";
sopsFile = ../../dots/secrets/esecrets.yaml;
};
"gmail-address" = {
format = "yaml";
sopsFile = ../../dots/secrets/esecrets.yaml;
};
"main-address" = {
format = "yaml";
sopsFile = ../../dots/secrets/esecrets.yaml;
};
};
accounts.email = {
maildirBasePath = "${config.xdg.cacheHome}/mail";
accounts = {
"uni" = {
address = "!!UNI_ADDRESS!!";
passwordCommand =
"gpg -q --for-your-eyes-only --no-tty -d ~/.authinfo.gpg | awk '/machine smtp.gmail.com login ${config.accounts.email.accounts.uni.address}/ {print $NF}'";
... more stuff after here
};
"gmail" = {
address = "!!GMAIL_ADDRESS!!";
passwordCommand =
"gpg -q --for-your-eyes-only --no-tty -d ~/.authinfo.gpg | awk '/machine smtp.gmail.com login ${config.accounts.email.accounts.gmail.address}/ {print $NF}'";
... more stuff after here
};
"mailbox" = {
address = "!!MAIN_ADDRESS!!";
passwordCommand =
"gpg -q --for-your-eyes-only --no-tty -d ~/.authinfo.gpg | awk '/machine smtp.mailbox.org login ${config.accounts.email.accounts.mailbox.address}/ {print $NF}'";
... More stuff after here
};
};
};
So I went ahead and replaced the email addresses with the placeholders as mentioned in the tutorial but I'm puzzled with how to actually get scalpel to transform these placeholders. So far I made the following below but I'm still confused on how to define the start
variable and the config file variable as I just copied directly from the example used
{ config, lib, pkgs, prev, ... }:
let
start = "${prev.config.accounts.email.accounts}";
uniconfig = builtins.head (builtins.match ".*-c ([^[:space:]]+)" "${start}");
in
{
systemd.services.mosquitto.serviceConfig.ExecStart = lib.mkForce (
builtins.replaceStrings [ "${mosquitto_cfgfile}" ] [ "${config.scalpel.trafos."mosquitto.conf".destination} "] "${start}"
);
scalpel.trafos."mosquitto.conf" = {
source = mosquitto_cfgfile;
matchers."BR1_PASSWORD".secret = config.sops.secrets.br1passwd.path;
matchers."BR2_PASSWORD".secret = config.sops.secrets.br2passwd.path;
owner = "mosquitto";
group = "mosquitto";
mode = "0440";
};
}
And the resultant mbsync file that the original makes is like this
# Generated by Home Manager.
IMAPAccount gmail
CertificateFile /etc/ssl/certs/ca-certificates.crt
Host imap.gmail.com
PassCmd "gpg -q --for-your-eyes-only --no-tty -d ~/.authinfo.gpg | awk '/machine smtp.gmail.com login [REDACTED GMAIL]/ {print $NF}'"
Port 993
SSLType IMAPS
User [REDACTED GMAIL]
...More stuff after this
IMAPAccount mailbox
CertificateFile /etc/ssl/certs/ca-certificates.crt
Host imap.mailbox.org
PassCmd "gpg -q --for-your-eyes-only --no-tty -d ~/.authinfo.gpg | awk '/machine smtp.mailbox.org login [REDACTED MAIN]/ {print $NF}'"
SSLType STARTTLS
User [REDACTED MAIN]
...More stuff after this
IMAPAccount uni
CertificateFile /etc/ssl/certs/ca-certificates.crt
Host imap.gmail.com
PassCmd "gpg -q --for-your-eyes-only --no-tty -d ~/.authinfo.gpg | awk '/machine smtp.gmail.com login [REDACTED UNI]/ {print $NF}'"
Port 993
SSLType IMAPS
User [REDACTED UNI]
...More stuff after this
from scalpel.
Related Issues (2)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scalpel.