lib: move getSecrets and attachSopsPathPrefix to public

2025-01-31 04:58:01 +00:00 · 2023-07-14 10:50:37 +08:00 · 2023-07-14 10:50:37 +08:00 · 70017e6de3
commit 70017e6de3
parent 651e9cb950
2 changed files with 49 additions and 17 deletions
--- a/lib/default.nix
+++ b/lib/default.nix
@ -74,4 +74,53 @@ rec {
  countAttrs = pred: attrs:
    lib.count (attr: pred attr.name attr.value)
      (lib.mapAttrsToList lib.nameValuePair attrs);
+
+  /* Get the secrets from a given sops file. This will set the individual
+     attributes `sopsFile` with the given file to not interrupt as much as
+     possible with your own sops-nix workflow.
+
+     Examples:
+      lib.getSecrets ./sops.yaml {
+        ssh-key = { };
+        "borg/ssh-key" = { };
+        "wireguard/private-key" = {
+          group = config.users.users.systemd-network.group;
+          reloadUnits = [ "systemd-networkd.service" ];
+          mode = "0640";
+        };
+      }
+  */
+  getSecrets = sopsFile: secrets:
+    let
+      getKey = key: { inherit key sopsFile; };
+    in
+    lib.mapAttrs
+      (path: attrs:
+        (getKey path) // attrs)
+      secrets;
+
+  /* Prepend a prefix for the given secrets. This allows a workflow for
+     separate sops file.
+
+     Examples:
+       lib.getSecrets ./sops.yaml {
+        ssh-key = { };
+        "borg/ssh-key" = { };
+      } //
+      (lib.getSecrets ./wireguard.yaml
+        (lib.attachSopsPathPrefix "wireguard" {
+          "private-key" = {
+            group = config.users.users.systemd-network.group;
+            reloadUnits = [ "systemd-networkd.service" ];
+            mode = "0640";
+          };
+        }))
+  */
+  attachSopsPathPrefix = prefix: secrets:
+    lib.mapAttrs'
+      (key: settings:
+        lib.nameValuePair
+          "${prefix}/${key}"
+          ({ inherit key; } // settings))
+      secrets;
 }
--- a/lib/private.nix
+++ b/lib/private.nix
@ -27,23 +27,6 @@ rec {

  getSecret = path: ../secrets/${path};

-  getSecrets = sopsFile: secrets:
-    let
-      getKey = key: { inherit key sopsFile; };
-    in
-    lib.mapAttrs
-      (path: attrs:
-        (getKey path) // attrs)
-      secrets;
-
-  attachSopsPathPrefix = prefix: secrets:
-    lib.mapAttrs'
-      (key: settings:
-        lib.nameValuePair
-          "${prefix}/${key}"
-          ({ inherit key; } // settings))
-      secrets;
-
  isInternal = config: config ? _isInsideFds && config._isInsideFds;

  getUsers = type: users: