commit 1f1ba416430661fcfb03ae87e55883a3fad919e6
parent e29499a31e45d3a406cd8fc27d09836294afdf42
Author: Vincent Demeester <vincent@sbr.pm>
Date: Mon, 1 Jun 2020 18:54:49 +0200
systems/hokkaido: better secret management…
… no more need to detect if "in CI".
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/modules/profiles/mail.nixos.nix b/modules/profiles/mail.nixos.nix
@@ -3,6 +3,8 @@
with lib;
let
cfg = config.profiles.mail;
+ secretPath = ../../secrets/machines.nix;
+ secretCondition = (builtins.pathExists secretPath);
in
{
options = {
@@ -14,7 +16,7 @@ in
};
};
};
- config = mkIf cfg.enable {
+ config = mkIf (cfg.enable && secretCondition) {
environment.etc."msmtprc".source = ../../assets/msmtprc;
environment.systemPackages = with pkgs; [ msmtp ];
};
diff --git a/systems/hokkaido.nix b/systems/hokkaido.nix
@@ -1,8 +1,5 @@
{ lib, pkgs, ... }:
-let
- inCi = builtins.pathExists /home/build;
- enableHome = !inCi;
-in
+
{
imports = [
# hardware
@@ -38,7 +35,6 @@ in
ssh.enable = true;
dev.enable = true;
users.enable = false;
- mail.enable = enableHome;
yubikey.enable = true;
};