From 70017e6de3da12468ba99ca020694bb69307c693 Mon Sep 17 00:00:00 2001
From: Gabriel Arazas <foodogsquared@foodogsquared.one>
Date: Fri, 14 Jul 2023 10:50:37 +0800
Subject: [PATCH] lib: move `getSecrets` and `attachSopsPathPrefix` to public

---
 lib/default.nix | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 lib/private.nix | 17 -----------------
 2 files changed, 49 insertions(+), 17 deletions(-)

diff --git a/lib/default.nix b/lib/default.nix
index 5459b5e2..ee3ec6ca 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -74,4 +74,53 @@ rec {
   countAttrs = pred: attrs:
     lib.count (attr: pred attr.name attr.value)
       (lib.mapAttrsToList lib.nameValuePair attrs);
+
+  /* Get the secrets from a given sops file. This will set the individual
+     attributes `sopsFile` with the given file to not interrupt as much as
+     possible with your own sops-nix workflow.
+
+     Examples:
+      lib.getSecrets ./sops.yaml {
+        ssh-key = { };
+        "borg/ssh-key" = { };
+        "wireguard/private-key" = {
+          group = config.users.users.systemd-network.group;
+          reloadUnits = [ "systemd-networkd.service" ];
+          mode = "0640";
+        };
+      }
+  */
+  getSecrets = sopsFile: secrets:
+    let
+      getKey = key: { inherit key sopsFile; };
+    in
+    lib.mapAttrs
+      (path: attrs:
+        (getKey path) // attrs)
+      secrets;
+
+  /* Prepend a prefix for the given secrets. This allows a workflow for
+     separate sops file.
+
+     Examples:
+       lib.getSecrets ./sops.yaml {
+        ssh-key = { };
+        "borg/ssh-key" = { };
+      } //
+      (lib.getSecrets ./wireguard.yaml
+        (lib.attachSopsPathPrefix "wireguard" {
+          "private-key" = {
+            group = config.users.users.systemd-network.group;
+            reloadUnits = [ "systemd-networkd.service" ];
+            mode = "0640";
+          };
+        }))
+  */
+  attachSopsPathPrefix = prefix: secrets:
+    lib.mapAttrs'
+      (key: settings:
+        lib.nameValuePair
+          "${prefix}/${key}"
+          ({ inherit key; } // settings))
+      secrets;
 }
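Review bot: The doc comments on `getSecrets` and `attachSopsPathPrefix` leave out the merge precedence that makes the two functions work together, which is what a caller needs in order to tell which entry of which sops file ends up behind each secret name. `attachSopsPathPrefix` prefixes only the attribute name and stores the un-prefixed name as `key`, and `getSecrets` then merges the caller's attributes over its generated `key` and `sopsFile` because `//` is right-biased, so a per-secret `key` or `sopsFile` silently replaces the generated one. I would add to the `attachSopsPathPrefix` comment `Only the attribute name gets the prefix; key keeps the original name so it still matches the entry in the separate sops file.` and to the `getSecrets` comment `Attributes given for a secret take precedence over the generated key and sopsFile.` The enclosing `rec { … }` set starts outside this hunk.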
diff --git a/lib/private.nix b/lib/private.nix
index f54b16c0..d0786360 100644
--- a/lib/private.nix
+++ b/lib/private.nix
@@ -27,23 +27,6 @@ rec {
 
   getSecret = path: ../secrets/${path};
 
-  getSecrets = sopsFile: secrets:
-    let
-      getKey = key: { inherit key sopsFile; };
-    in
-    lib.mapAttrs
-      (path: attrs:
-        (getKey path) // attrs)
-      secrets;
-
-  attachSopsPathPrefix = prefix: secrets:
-    lib.mapAttrs'
-      (key: settings:
-        lib.nameValuePair
-          "${prefix}/${key}"
-          ({ inherit key; } // settings))
-      secrets;
-
   isInternal = config: config ? _isInsideFds && config._isInsideFds;
 
   getUsers = type: users: