all: make deploy setup optional

2024-05-31 08:29:22 -06:00 · 2024-05-31 08:29:22 -06:00 · 2d8c791d19
commit 2d8c791d19
parent c4bf11b1c4
2 changed files with 22 additions and 10 deletions
--- a/configs/update.nix
+++ b/configs/update.nix
@ -12,6 +12,14 @@ with lib; {
        type = lib.types.bool;
      };
    };
+    needsDeploy = {
+      enable = mkOption {
+        description = "Host needs deploy key to receive encrypted secrets";
+        default = true;
+        example = true;
+        type = lib.types.bool;
+      };
+    };
  };

  config = mkMerge [
@ -24,15 +32,17 @@ with lib; {
        dates = "*-*-* *:05:00";
      };
    })
-    {
-      # Always add our host alias or we run into a bootstrap issue
-      programs.ssh.extraConfig = ''
-        Host xin-secrets-ro
-          IdentityFile ${config.sops.secrets.xin_secrets_deploy_key.path}
-          User gitea
-          Port 2222
-          Hostname git.tapenet.org
-      '';
-    }
+
+    # Always add our host alias or we run into a bootstrap issue
+    (mkIf config.needsDeploy.enable {
+      programs.ssh.extraConfig =
+        ''
+          Host xin-secrets-ro
+            IdentityFile ${config.sops.secrets.xin_secrets_deploy_key.path}
+            User gitea
+            Port 2222
+            Hostname git.tapenet.org
+        '';
+    })
  ];
 }
--- a/hosts/tv/default.nix
+++ b/hosts/tv/default.nix
@ -22,6 +22,8 @@ in
    ./hardware-configuration.nix
  ];

+  needsDeploy.enable = false;
+
  boot = {
    loader = {
      systemd-boot.enable = true;