author | Franck Cuny <franck@fcuny.net> | 2022-04-13 13:49:17 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2022-04-13 13:49:17 -0700 |
commit | fb13f9d23a34812a6fa0407557b207a8636663cf (patch) | |
tree | 6ac8b6d8650c32d262953cc0b3f7722fff072b85 /modules/secrets | |
parent | grafana: use proper cert (diff) | |
download | world-fb13f9d23a34812a6fa0407557b207a8636663cf.tar.gz |
secrets: allow specifying which user owns a secret
Diffstat (limited to 'modules/secrets')
-rw-r--r-- | modules/secrets/default.nix | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
index 20dbfd2..296f5fc 100644
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@@ -9,12 +9,17 @@ in {
 config.age = {
 secrets = let
+ toName = lib.removeSuffix ".age";
 userExists = u: builtins.hasAttr u config.users.users;
 # Only set the user if it exists, to avoid warnings
 userIfExists = u: if userExists u then u else "root";
+ toSecret = name:
+ { owner ? "root", ... }: {
+ file = "${secretsDir}/${name}";
+ owner = lib.mkDefault (userIfExists owner);
+ };
 in
 if pathExists secretsFile then
- mapAttrs' (n: _:
- nameValuePair (removeSuffix ".age" n) { file = "${secretsDir}/${n}"; })
+ mapAttrs' (n: v: nameValuePair (toName n) (toSecret n v))
 (import secretsFile)
 else
 { }; |
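Review bot: A misconfigured owner is silently turned into root by the new `toSecret`: its pattern `{ owner ? "root", ... }` accepts any attribute, so a misspelled key (say `user = "grafana";`) is ignored, and `userIfExists` then maps an owner name that does not match a `config.users.users` entry to `"root"` without any diagnostic, which is exactly the case where a per-service secret quietly ends up unreadable by the service it was meant for. I would drop the `...` so unexpected keys fail evaluation (or forward `group`/`mode` explicitly if they are meant to be supported), and make the fallback visible rather than silent, e.g. `owner = lib.mkDefault (if userExists owner then owner else lib.warn "secret ${name}: owner '${owner}' is not a configured user, falling back to root" "root");`. The existing comment "Only set the user if it exists, to avoid warnings" predates the patch but now undersells what the fallback does; I would reword it to `# Fall back to root when the requested owner is not a configured user`. The `config.age` attrset and the surrounding `let` start inside the hunk, but the enclosing module body continues outside it.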