feat: start migrating steveej-t14 and sj-vps-htz-0 to sops

2023-07-05 15:55:04 +02:00 · 2023-07-05 15:55:04 +02:00 · b481126ae2
commit b481126ae2
parent 6587a914e4
55 changed files with 877 additions and 452 deletions
--- a/nix/home-manager/programs/radicale.nix
+++ b/nix/home-manager/programs/radicale.nix
@ -1,11 +1,10 @@
 {
  config,
-  pkgs,
  lib,
+  pkgs,
+  osConfig,
  ...
 }: let
-  passwords = import ../../variables/passwords.crypt.nix;
-
  libdecsync = pkgs.python3Packages.buildPythonPackage rec {
    pname = "libdecsync";
    version = "2.2.1";
@ -16,9 +15,8 @@
    };

    propagatedBuildInputs = [
-      pkgs.libxcrypt-legacy
+      # pkgs.libxcrypt-legacy
    ];
-
  };
  radicale-storage-decsync = pkgs.python3Packages.buildPythonPackage rec {
    pname = "radicale_storage_decsync";
@ -31,13 +29,13 @@

    buildInputs = [
      pkgs.radicale
-      pkgs.libxcrypt-legacy
-      pkgs.libxcrypt
+      # pkgs.libxcrypt-legacy
+      # pkgs.libxcrypt
    ];

    nativeCheckInputs = [
-      pkgs.libxcrypt-legacy
-      pkgs.libxcrypt
+      # pkgs.libxcrypt-legacy
+      # pkgs.libxcrypt
    ];

    propagatedBuildInputs = [libdecsync pkgs.python3Packages.setuptools];
@ -48,18 +46,17 @@
      ++ [radicale-storage-decsync];
  });

-  mkRadicaleService = { suffix, port }: let
+  mkRadicaleService = {
+    suffix,
+    port,
+  }: let
    radicale-config = pkgs.writeText "radicale-config-${suffix}" ''
      [server]
-      hosts = localhost:${builtins.toString(port)}
+      hosts = localhost:${builtins.toString port}

      [auth]
      type = htpasswd
-      htpasswd_filename = ${
-        pkgs.writeText "radicale" ''
-          radicale:${passwords.users.radicale}
-        ''
-      }
+      htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path}
      htpasswd_encryption = bcrypt

      [storage]
@ -77,7 +74,14 @@
      Install.WantedBy = ["default.target"];
    };
  };
-in builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) {} [
-  {suffix = "personal"; port = 5232;}
-  {suffix = "family"; port = 5233;}
-]
+in
+  builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) {} [
+    {
+      suffix = "personal";
+      port = 5232;
+    }
+    {
+      suffix = "family";
+      port = 5233;
+    }
+  ]