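# Exposes the Age secret rules and a NixOS module that declares, for a given
# machine, only the secrets that machine is listed as a recipient of.
{
  inputs,
  lib,
  ...
}:

let
  inherit (builtins) elem;
  inherit (lib.attrsets) concatMapAttrs optionalAttrs;
  inherit (lib.strings) removeSuffix;

  # Presumably the agenix rules file: the code below expects an attribute set
  # keyed by `<name>.age` whose values carry a `publicKeys` list.
  secrets = import ./secrets.nix;
in
{
  flake = {
    # NOTE(review): this re-exports the rules as a flake output, so
    # `secrets.nix` is readable by anything that can evaluate the flake. It
    # should hold nothing beyond recipient public keys and file names.
    inherit secrets;

    nixosModules.ageSecrets =
      { config, ... }:
      {
        imports = [ inputs.agenix.nixosModules.default ];

        options.x_fediversity.hostPublicKey = lib.mkOption {
          # Declared as a string so that a non-string value or two conflicting
          # definitions fail at evaluation time instead of being merged into a
          # value that matches no recipient list.
          type = lib.types.str;
          description = ''
            The host public key of the machine. It is used in particular
            to filter Age secrets and only keep the relevant ones.
          '';
        };

        # Keep only the secrets whose `publicKeys` contain this host's key.
        # `elem` compares for exact equality: a key that differs from the entry
        # in `secrets.nix` in any way (extra whitespace, a trailing comment
        # field) matches nothing, and the host then gets no secrets declared
        # without any evaluation error.
        config.age.secrets = concatMapAttrs (
          name: secret:
          optionalAttrs (elem config.x_fediversity.hostPublicKey secret.publicKeys) {
            # The secret is named after the file without its `.age` suffix and
            # points at the file sitting next to this module.
            ${removeSuffix ".age" name}.file = ./. + "/${name}";
          }
        ) secrets;
      };
  };
}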