Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

secrets: improve formatting

Browse source
This commit is contained in:
Infinidoge 2024-03-25 11:02:45 -04:00
parent 73d9d015de
commit 46097b2398
Signed by: Infinidoge
SSH key fingerprint: SHA256:oAMyvotlNFraMmZmr+p6AxnNfW/GioTs1pOn3V4tQ7A
1 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

12
secrets/default.nix
View file

@ -4,7 +4,9 @@ let
inherit (lib.our) mkOpt; inherit (lib.our) mkOpt;
inherit (lib.types) bool attrsOf path; inherit (lib.types) bool attrsOf path;
mkSecret = name: nameValuePair (removeSuffix ".age" name) { file = "${./.}/${name}"; }; mkSecret = name: nameValuePair
(removeSuffix ".age" name)
{ file = "${./.}/${name}"; };
secrets = listToAttrs (map mkSecret (attrNames (import ./secrets.nix))); secrets = listToAttrs (map mkSecret (attrNames (import ./secrets.nix)));
withOwner = name: secret: secret // { owner = name; group = name; }; withOwner = name: secret: secret // { owner = name; group = name; };
@ -18,7 +20,13 @@ in
config = mkIf config.modules.secrets.enable { config = mkIf config.modules.secrets.enable {
secrets = mapAttrs (n: v: v.path) config.age.secrets; secrets = mapAttrs (n: v: v.path) config.age.secrets;
age.secrets = mkMerge [ age.secrets = mkMerge [
{ inherit (secrets) "infinidoge-password" "root-password" "binary-cache-private-key"; } {
inherit (secrets)
"infinidoge-password"
"root-password"
"binary-cache-private-key"
;
}
(mkIf config.services.nginx.enable { (mkIf config.services.nginx.enable {
"inx.moe.pem" = withOwner "nginx" secrets."inx.moe.pem"; "inx.moe.pem" = withOwner "nginx" secrets."inx.moe.pem";
"inx.moe.key" = withOwner "nginx" secrets."inx.moe.key"; "inx.moe.key" = withOwner "nginx" secrets."inx.moe.key";