Fediversity/secrets/flake-part.nix

{
  inputs,
  lib,
  ...
}:

let
  inherit (builtins) elem;
  inherit (lib.attrsets) concatMapAttrs optionalAttrs;
  inherit (lib.strings) removeSuffix;

  secrets = import ./secrets.nix;
in
{
  flake = {
    inherit secrets;

    nixosModules.ageSecrets = (
      { config, ... }:
      {
        imports = [ inputs.agenix.nixosModules.default ];

        options.fediversity.hostPublicKey = lib.mkOption {
          description = ''
            The host public key of the machine. It is used in particular
            to filter Age secrets and only keep the relevant ones.
          '';
        };

        config.age.secrets = concatMapAttrs (
          name: secret:
          optionalAttrs (elem config.fediversity.hostPublicKey secret.publicKeys) ({
            ${removeSuffix ".age" name}.file = ./. + "/${name}";
          })
        ) secrets;
      }
    );
  };
}
Expose keys and secrets in the global flake 2024-12-12 11:05:11 +01:00			`{`
			`inputs,`
			`lib,`
			`...`
			`}:`

			`let`
			`inherit (builtins) elem;`
Replace `concatMapAttrs` + `filterAttrs` by `concatMapAttrs` + `optionalAttrs` 2024-12-13 12:34:58 +01:00			`inherit (lib.attrsets) concatMapAttrs optionalAttrs;`
Expose keys and secrets in the global flake 2024-12-12 11:05:11 +01:00			`inherit (lib.strings) removeSuffix;`

			`secrets = import ./secrets.nix;`
			`in`
			`{`
			`flake = {`
			`inherit secrets;`

			`nixosModules.ageSecrets = (`
			`{ config, ... }:`
			`{`
			`imports = [ inputs.agenix.nixosModules.default ];`

s/x_fediversity/fediversity/ 2024-12-13 12:37:25 +01:00			`options.fediversity.hostPublicKey = lib.mkOption {`
Expose keys and secrets in the global flake 2024-12-12 11:05:11 +01:00			`description = ''`
			`The host public key of the machine. It is used in particular`
			`to filter Age secrets and only keep the relevant ones.`
			`'';`
			`};`

Replace `concatMapAttrs` + `filterAttrs` by `concatMapAttrs` + `optionalAttrs` 2024-12-13 12:34:58 +01:00			`config.age.secrets = concatMapAttrs (`
			`name: secret:`
s/x_fediversity/fediversity/ 2024-12-13 12:37:25 +01:00			`optionalAttrs (elem config.fediversity.hostPublicKey secret.publicKeys) ({`
Replace `concatMapAttrs` + `filterAttrs` by `concatMapAttrs` + `optionalAttrs` 2024-12-13 12:34:58 +01:00			`${removeSuffix ".age" name}.file = ./. + "/${name}";`
			`})`
			`) secrets;`
Expose keys and secrets in the global flake 2024-12-12 11:05:11 +01:00			`}`
			`);`
			`};`
			`}`