about summary refs log tree commit diff
path: root/modules/secrets/default.nix
blob: 20dbfd2163ac265fe9520e15c883a3bdc96bf533 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
{ config, inputs, lib, options, ... }:
with builtins;
with lib;
let
  secretsDir = "${toString ../../hosts}/${config.networking.hostName}/secrets";
  secretsFile = "${secretsDir}/secrets.nix";
in {
  imports = [ inputs.agenix.nixosModules.age ];

  config.age = {
    secrets = let
      userExists = u: builtins.hasAttr u config.users.users;
      # Only set the user if it exists, to avoid warnings
      userIfExists = u: if userExists u then u else "root";
    in if pathExists secretsFile then
      mapAttrs' (n: _:
        nameValuePair (removeSuffix ".age" n) { file = "${secretsDir}/${n}"; })
      (import secretsFile)
    else
      { };
    identityPaths = options.age.identityPaths.default ++ (filter pathExists
      [ "${config.users.users.fcuny.home}/.ssh/id_ed25519" ]);
  };
}