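# Flake module: exposes the secrets table as a flake output and provides a
# NixOS module that declares, on each host, only the Age secrets whose
# recipient list contains that host's public key.
{
  inputs,
  lib,
  ...
}:

let
  inherit (builtins) elem;
  inherit (lib.attrsets) concatMapAttrs filterAttrs;
  inherit (lib.strings) removeSuffix;

  # Attribute set keyed by secret file name; each value is read below for its
  # `publicKeys` list. Presumably this is the agenix `secrets.nix` recipient
  # table, so it holds key material references, not plaintext (confirm).
  secrets = import ./secrets.nix;
in
{
  flake = {
    # Re-exported as a flake output, so the recipient table is visible to
    # consumers of the flake.
    inherit secrets;

    nixosModules.ageSecrets = (
      { config, ... }:
      {
        imports = [ inputs.agenix.nixosModules.default ];

        options.x_fediversity.hostPublicKey = lib.mkOption {
          # Typed as a string: the value is compared by equality against the
          # entries of each secret's `publicKeys`, and an untyped option would
          # not reject conflicting definitions at evaluation time.
          type = lib.types.str;
          description = ''
            The host public key of the machine. It is used in particular
            to filter Age secrets and only keep the relevant ones.
          '';
        };

        # For every secret whose `publicKeys` contains this host's key, declare
        # `age.secrets.<name without ".age">.file` pointing at the encrypted
        # file next to this module.
        #
        # NOTE(review): `elem` is an exact string match. A key that differs in
        # whitespace or carries a trailing comment will not match, and the
        # secret is then silently left out for this host.
        # NOTE(review): this filter only selects which encrypted files a host
        # declares; which hosts can actually decrypt a secret is presumably
        # decided by the recipients it was encrypted to (confirm).
        config.age.secrets = concatMapAttrs (name: _: {
          ${removeSuffix ".age" name}.file = ./. + "/${name}";
        }) (filterAttrs (_: secret: elem config.x_fediversity.hostPublicKey secret.publicKeys) secrets);
      }
    );
  };
}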