Diffstat (limited to 'modules/secrets')
-rw-r--r--modules/secrets/default.nix43
1 files changed, 23 insertions, 20 deletions
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
index 04d1bfe..912d556 100644
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@@ -4,31 +4,34 @@ with lib;
 let
   secretsDir = "${toString ../../hosts}/${config.networking.hostName}/secrets";
   secretsFile = "${secretsDir}/secrets.nix";
-in {
+in
+{
   imports = [ inputs.agenix.nixosModules.age ];
 
   config.age = {
-    secrets = let
-      toName = lib.removeSuffix ".age";
-      userExists = u: builtins.hasAttr u config.users.users;
-      groupExists = g: builtins.hasAttr g config.users.groups;
+    secrets =
+      let
+        toName = lib.removeSuffix ".age";
+        userExists = u: builtins.hasAttr u config.users.users;
+        groupExists = g: builtins.hasAttr g config.users.groups;
 
-      # Only set the user and/or group if they exist, to avoid warnings
-      userIfExists = u: if userExists u then u else "root";
-      groupIfExists = g: if groupExists g then g else "root";
+        # Only set the user and/or group if they exist, to avoid warnings
+        userIfExists = u: if userExists u then u else "root";
+        groupIfExists = g: if groupExists g then g else "root";
 
-      toSecret = name:
-        { owner ? "root", group ? "root", mode ? "0400", ... }: {
-          file = "${secretsDir}/${name}";
-          owner = lib.mkDefault (userIfExists owner);
-          group = lib.mkDefault (groupIfExists group);
-          mode = mode;
-        };
-    in if pathExists secretsFile then
-      mapAttrs' (n: v: nameValuePair (toName n) (toSecret n v))
-      (import secretsFile)
-    else
-      { };
+        toSecret = name:
+          { owner ? "root", group ? "root", mode ? "0400", ... }: {
+            file = "${secretsDir}/${name}";
+            owner = lib.mkDefault (userIfExists owner);
+            group = lib.mkDefault (groupIfExists group);
+            mode = mode;
+          };
+      in
+      if pathExists secretsFile then
+        mapAttrs' (n: v: nameValuePair (toName n) (toSecret n v))
+          (import secretsFile)
+      else
+        { };
     identityPaths = options.age.identityPaths.default ++ (filter pathExists
       [ "${config.users.users.fcuny.home}/.ssh/id_ed25519" ]);
   };