blob: 556bf32dae8b7972caadf2a694d913f927ce8b89 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
{ config, inputs, lib, options, ... }:
with builtins; {
imports = [ inputs.agenix.nixosModules.age ];
config.age = {
secrets = let
toName = lib.removeSuffix ".age";
userExists = u: builtins.hasAttr u config.users.users;
# Only set the user if it exists, to avoid warnings
userIfExists = u: if userExists u then u else "root";
toSecret = name:
{ owner ? "root", ... }: {
file = ./. + "/${name}";
owner = lib.mkDefault (userIfExists owner);
};
convertSecrets = n: v: lib.nameValuePair (toName n) (toSecret n v);
secrets = import ./secrets.nix;
in lib.mapAttrs' convertSecrets secrets;
identityPaths = options.age.identityPaths.default ++ (filter pathExists
[ "${config.users.users.fcuny.home}/.ssh/id_ed25519" ]);
};
}
|