Diffstat (limited to '')
-rw-r--r-- | hosts/aptos/secrets/wireguard_privatekey.age (renamed from modules/secrets/network/aptos/wireguard_privatekey.age) | bin | 467 -> 467 bytes | |||
-rw-r--r-- | modules/secrets/default.nix | 23 |
2 files changed, 12 insertions, 11 deletions
diff --git a/modules/secrets/network/aptos/wireguard_privatekey.age b/hosts/aptos/secrets/wireguard_privatekey.age index 2f6edf3..2f6edf3 100644 --- a/modules/secrets/network/aptos/wireguard_privatekey.age +++ b/hosts/aptos/secrets/wireguard_privatekey.age Binary files differdiff --git a/modules/secrets/default.nix b/modules/secrets/default.nix index 556bf32..20dbfd2 100644 --- a/modules/secrets/default.nix +++ b/modules/secrets/default.nix @@ -1,22 +1,23 @@ { config, inputs, lib, options, ... }: -with builtins; { +with builtins; +with lib; +let + secretsDir = "${toString ../../hosts}/${config.networking.hostName}/secrets"; + secretsFile = "${secretsDir}/secrets.nix"; +in { imports = [ inputs.agenix.nixosModules.age ]; config.age = { secrets = let - toName = lib.removeSuffix ".age"; userExists = u: builtins.hasAttr u config.users.users; # Only set the user if it exists, to avoid warnings userIfExists = u: if userExists u then u else "root"; - toSecret = name: - { owner ? "root", ... }: { - file = ./. + "/${name}"; - owner = lib.mkDefault (userIfExists owner); - }; - convertSecrets = n: v: lib.nameValuePair (toName n) (toSecret n v); - secrets = import ./secrets.nix; - in lib.mapAttrs' convertSecrets secrets; - + in if pathExists secretsFile then + mapAttrs' (n: _: + nameValuePair (removeSuffix ".age" n) { file = "${secretsDir}/${n}"; }) + (import secretsFile) + else + { }; identityPaths = options.age.identityPaths.default ++ (filter pathExists [ "${config.users.users.fcuny.home}/.ssh/id_ed25519" ]); }; |
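Review bot: The new `mapAttrs'` lambda binds each entry's value to `_` and emits only `file`, so any `owner` declared in a host's `secrets.nix` is no longer applied and every secret falls back to agenix's default ownership; `userExists` and `userIfExists` stay in the `let` with no remaining use in the visible lines. If any secret is meant to be readable by a non-root service user, keep the mapping, e.g. `mapAttrs' (n: v: nameValuePair (removeSuffix ".age" n) { file = "${secretsDir}/${n}"; owner = mkDefault (userIfExists (v.owner or "root")); })`; otherwise drop the two helpers. The `else { }` branch also means a host whose `networking.hostName` does not match a directory under `hosts/` evaluates with no secrets and no error, so a comment such as `# hosts without a secrets.nix intentionally get no age secrets` (or a `warn`) would make that choice explicit. The module's attribute set closes outside the hunk.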