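# Exposes the Age secret rules from ./secrets.nix as a flake output and
# provides a NixOS module (`ageSecrets`) that declares, on a given host, only
# the secrets whose recipient list contains that host's public key.
{
  inputs,
  lib,
  ...
}:

let
  inherit (builtins) elem;
  inherit (lib.attrsets) concatMapAttrs filterAttrs;
  inherit (lib.strings) removeSuffix;

  # As used below: attribute names are secret file names next to this file
  # (typically "<name>.age") and every value carries a `publicKeys` list.
  secrets = import ./secrets.nix;
in
{
  flake = {
    # Re-exported as-is. NOTE(review): presumably this holds only file names
    # and recipient public keys, never secret material; confirm before
    # adding anything else to secrets.nix.
    inherit secrets;

    nixosModules.ageSecrets = (
      { config, ... }:
      {
        imports = [ inputs.agenix.nixosModules.default ];

        options.x_fediversity.hostPublicKey = lib.mkOption {
          # Declared as a single string so that the `elem` comparison below is
          # meaningful and conflicting definitions are rejected at evaluation
          # time instead of being merged.
          type = lib.types.str;
          description = ''
            The host public key of the machine. It is used in particular
            to filter Age secrets and only keep the relevant ones.
          '';
        };

        # Keep the secrets whose `publicKeys` contain the host key, then
        # declare each one under its file name without the ".age" suffix.
        #
        # `elem` is an exact equality test: a key that differs from the entry
        # in secrets.nix by whitespace or a trailing comment matches nothing,
        # and the host then silently gets no secrets declared.
        #
        # This filter only decides which secrets are declared on the host; it
        # is not an access control. Confidentiality still rests on the
        # recipients the .age files were encrypted for.
        config.age.secrets = concatMapAttrs (name: _: {
          ${removeSuffix ".age" name}.file = ./. + "/${name}";
        }) (filterAttrs (_: secret: elem config.x_fediversity.hostPublicKey secret.publicKeys) secrets);
      }
    );
  };
}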