Expose keys and secrets in the global flake
parent
7908affaab
commit
109284b98b
|
@ -27,7 +27,9 @@
|
||||||
|
|
||||||
./deployment/flake-part.nix
|
./deployment/flake-part.nix
|
||||||
./infra/flake-part.nix
|
./infra/flake-part.nix
|
||||||
|
./keys/flake-part.nix
|
||||||
./services/flake-part.nix
|
./services/flake-part.nix
|
||||||
|
./secrets/flake-part.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
perSystem =
|
perSystem =
|
||||||
|
|
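--- a/keys/flake-part.nix
+++ b/keys/flake-part.nix
@@ -0,0 +1,3 @@
+{
+flake.keys = import ./.;
+}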
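--- a/secrets/flake-part.nix
+++ b/secrets/flake-part.nix
@@ -0,0 +1,36 @@
+{
+inputs,
+lib,
+...
+}:
+
+let
+inherit (builtins) elem;
+inherit (lib.attrsets) concatMapAttrs filterAttrs;
+inherit (lib.strings) removeSuffix;
+
+secrets = import ./secrets.nix;
+in
+{
+flake = {
+inherit secrets;
+
+nixosModules.ageSecrets = (
+{ config, ... }:
+{
+imports = [ inputs.agenix.nixosModules.default ];
+
+options.x_fediversity.hostPublicKey = lib.mkOption {
+description = ''
+The host public key of the machine. It is used in particular
+to filter Age secrets and only keep the relevant ones.
+'';
+};
+
+config.age.secrets = concatMapAttrs (name: _: {
+${removeSuffix ".age" name}.file = ./. + "/${name}";
+}) (filterAttrs (_: secret: elem config.x_fediversity.hostPublicKey secret.publicKeys) secrets);
+}
+);
+};
+}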
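Review bot: `options.x_fediversity.hostPublicKey` is declared with only a `description`, so the option accepts a value of any shape, and a mis-set value (a path or a list instead of the key string) makes the `elem` test in `config.age.secrets` silently match nothing, leaving the host with no age secrets instead of failing evaluation; adding `type = lib.types.str;` to the `mkOption` call turns that into an error at build time. The filter also presumes every entry of `./secrets.nix` carries a `publicKeys` list — if that file is hand-maintained, a comment above `secrets = import ./secrets.nix;` stating that contract (and that a secret is only deployed to hosts listed among its recipients) would help the next maintainer. The inner NixOS module uses the outer flake-parts `lib` rather than the one the module system passes; it resolves to nixpkgs lib in both cases, but taking `lib` in the module's own argument set would make the dependency explicit.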
@ -1,7 +1,9 @@
|
||||||
let
|
let
|
||||||
pkgs = import <nixpkgs> { system = builtins.currentSystem; };
|
inherit (builtins) attrValues foldl' mapAttrs;
|
||||||
inherit (builtins) attrValues;
|
## `mergeAttrs` and `concatMapAttrs` are in `lib.trivial` and `lib.attrsets`,
|
||||||
inherit (pkgs.lib.attrsets) concatMapAttrs;
|
## but we would rather avoid a dependency in nixpkgs for this file.
|
||||||
|
mergeAttrs = x: y: x // y;
|
||||||
|
concatMapAttrs = f: v: foldl' mergeAttrs { } (attrValues (mapAttrs f v));
|
||||||
|
|
||||||
keys = import ../keys;
|
keys = import ../keys;
|
||||||
contributors = attrValues keys.contributors;
|
contributors = attrValues keys.contributors;
|
||||||
|
|