foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-03-15 12:19:00 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

lib/env-specific/sops: add convenient function for getting whole file as secret

Browse Source
This commit is contained in:
Gabriel Arazas 2025-02-28 14:52:11 +08:00
parent 3dfeb40453
commit 1c60b9f615
No known key found for this signature in database
GPG Key ID: 62104B43D00AA360
1 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
lib/env-specific/sops.nix
View File

@ -1,7 +1,18 @@
# A library specifically for environments with sops-nix.
{ pkgs, lib, self }:
{
let
inferFormat = sopsFile:
let endsWith = ext: lib.hasSuffix ext sopsFile;
in
if (endsWith ".env") then "dotenv"
else if (endsWith ".yaml") then "yaml"
else if (endsWith ".json") then "json"
else if (endsWith ".ini") then "ini"
else if (endsWith ".bin") then "binary"
else "yaml";
in
rec {
/* Get the secrets from a given sops file. This will set the individual
attributes `sopsFile` with the given file to not interrupt as much as
possible with your own sops-nix workflow.
@ -18,9 +29,21 @@
}
*/
getSecrets = sopsFile: secrets:
let getKey = key: { inherit key sopsFile; };
let getKey = key: {
inherit key sopsFile;
format = inferFormat sopsFile;
};
in lib.mapAttrs (path: attrs: (getKey path) // attrs) secrets;
getAsOneSecret = sopsFile:
{
inherit sopsFile;
format = inferFormat sopsFile;
# This value basically means it's the whole file.
key = "";
};
/* Prepend a prefix for the given secrets. This allows a workflow for
separate sops file.