home

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README | LICENSE

commit 1f1ba416430661fcfb03ae87e55883a3fad919e6
parent e29499a31e45d3a406cd8fc27d09836294afdf42
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Mon,  1 Jun 2020 18:54:49 +0200

systems/hokkaido: better secret management…

… no more need to detect if "in CI".

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Mmodules/profiles/mail.nixos.nix | 4+++-
Msystems/hokkaido.nix | 6+-----
2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/modules/profiles/mail.nixos.nix b/modules/profiles/mail.nixos.nix @@ -3,6 +3,8 @@ with lib; let cfg = config.profiles.mail; + secretPath = ../../secrets/machines.nix; + secretCondition = (builtins.pathExists secretPath); in { options = { @@ -14,7 +16,7 @@ in }; }; }; - config = mkIf cfg.enable { + config = mkIf (cfg.enable && secretCondition) { environment.etc."msmtprc".source = ../../assets/msmtprc; environment.systemPackages = with pkgs; [ msmtp ]; }; diff --git a/systems/hokkaido.nix b/systems/hokkaido.nix @@ -1,8 +1,5 @@ { lib, pkgs, ... }: -let - inCi = builtins.pathExists /home/build; - enableHome = !inCi; -in + { imports = [ # hardware @@ -38,7 +35,6 @@ in ssh.enable = true; dev.enable = true; users.enable = false; - mail.enable = enableHome; yubikey.enable = true; };