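# Resource definition for age-encrypted secrets.
#
# A request lists secret names. The policy collects the names from all
# requests and returns a module that imports agenix's `age.nix` and declares
# one `age.secrets.<name>` entry per name, pointing at `<name>.age` four
# directories above this file.
{
  lib,
  ...
}:
let
  inherit (lib) mkOption types;

  # Directory the `<name>.age` files are looked up in. This is a path value,
  # not a relative string, so it resolves against this file's location (the
  # same way `import ../../../../npins` does below) rather than against
  # whatever the working directory is when the secret is read.
  secretsRoot = ../../../..;
in
{
  resources.secrets = {
    description = "Age secrets.";

    # What an application may ask for: a list of secret names.
    request =
      { ... }:
      {
        _class = "fediversity-resource-request";
        options = {
          names = mkOption {
            # NOTE(review): every name is interpolated into a file path by the
            # policy below. Consider narrowing this to something like
            # `types.listOf (types.strMatching "[A-Za-z0-9._-]+")` so a name
            # cannot contain "/" or ".." and select a file outside the
            # secrets directory. Confirm no existing request relies on such names.
            type = types.listOf types.str;
            default = [ ];
          };
        };
      };

    # How requests are fulfilled: `apply` takes the list of requests and
    # returns a module function.
    policy =
      { ... }:
      {
        _class = "fediversity-resource-policy";
        config = {
          resource-type = types.unspecified; # NixOS module
          apply =
            requests:
            {
              # Pinned sources; defaults to the npins directory next to the
              # secrets root unless the caller passes its own `sources`.
              sources ? import ../../../../npins,
              ...
            }:
            {
              imports = [
                "${sources.agenix}/modules/age.nix"
              ];

              # `lib.genAttrs` already keys the result by `name`, so the
              # function returns the secret's options directly. The previous
              # `{ inherit name; value.file = ...; }` shape is what
              # `lib.listToAttrs` expects; under genAttrs it left `file`
              # nested below a `value` attribute instead of setting
              # `age.secrets.<name>.file`.
              # NOTE(review): agenix declares `file` as a path option, hence
              # the path concatenation; confirm against the pinned agenix.
              age.secrets = lib.genAttrs (lib.concatMap (request: request.names) requests) (name: {
                file = secretsRoot + "/${name}.age";
              });
            };
        };
      };
  };
}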