blob: 912d556466514c8144dc97128557c41682a97e17 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
{ config, inputs, lib, options, ... }:
with builtins;
with lib;
let
secretsDir = "${toString ../../hosts}/${config.networking.hostName}/secrets";
secretsFile = "${secretsDir}/secrets.nix";
in
{
imports = [ inputs.agenix.nixosModules.age ];
config.age = {
secrets =
let
toName = lib.removeSuffix ".age";
userExists = u: builtins.hasAttr u config.users.users;
groupExists = g: builtins.hasAttr g config.users.groups;
# Only set the user and/or group if they exist, to avoid warnings
userIfExists = u: if userExists u then u else "root";
groupIfExists = g: if groupExists g then g else "root";
toSecret = name:
{ owner ? "root", group ? "root", mode ? "0400", ... }: {
file = "${secretsDir}/${name}";
owner = lib.mkDefault (userIfExists owner);
group = lib.mkDefault (groupIfExists group);
mode = mode;
};
in
if pathExists secretsFile then
mapAttrs' (n: v: nameValuePair (toName n) (toSecret n v))
(import secretsFile)
else
{ };
identityPaths = options.age.identityPaths.default ++ (filter pathExists
[ "${config.users.users.fcuny.home}/.ssh/id_ed25519" ]);
};
}
|
