lib: move getSecrets and attachSopsPathPrefix to public

This commit is contained in:
Gabriel Arazas 2023-07-14 10:50:37 +08:00
parent 651e9cb950
commit 70017e6de3
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
2 changed files with 49 additions and 17 deletions


@ -74,4 +74,53 @@ rec {
countAttrs = pred: attrs: countAttrs = pred: attrs:
lib.count (attr: pred attr.name attr.value) lib.count (attr: pred attr.name attr.value)
(lib.mapAttrsToList lib.nameValuePair attrs); (lib.mapAttrsToList lib.nameValuePair attrs);
/* Get the secrets from a given sops file. This will set the individual
attributes `sopsFile` with the given file to not interrupt as much as
possible with your own sops-nix workflow.
Examples:
lib.getSecrets ./sops.yaml {
ssh-key = { };
"borg/ssh-key" = { };
"wireguard/private-key" = {
group = config.users.users.systemd-network.group;
reloadUnits = [ "systemd-networkd.service" ];
mode = "0640";
};
}
*/
getSecrets = sopsFile: secrets:
let
getKey = key: { inherit key sopsFile; };
in
lib.mapAttrs
(path: attrs:
(getKey path) // attrs)
secrets;
/* Prepend a prefix for the given secrets. This allows a workflow for
separate sops file.
Examples:
lib.getSecrets ./sops.yaml {
ssh-key = { };
"borg/ssh-key" = { };
} //
(lib.getSecrets ./wireguard.yaml
(lib.attachSopsPathPrefix "wireguard" {
"private-key" = {
group = config.users.users.systemd-network.group;
reloadUnits = [ "systemd-networkd.service" ];
mode = "0640";
};
}))
*/
attachSopsPathPrefix = prefix: secrets:
lib.mapAttrs'
(key: settings:
lib.nameValuePair
"${prefix}/${key}"
({ inherit key; } // settings))
secrets;
} }
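Review bot: The comment on the new `getSecrets` says it sets `sopsFile`, but `(getKey path) // attrs` also lets each secret's own attributes override both the generated `key` and `sopsFile`, and `attachSopsPathPrefix` relies on exactly that precedence (its `{ inherit key; } // settings` keeps the unprefixed name as the sops key while the attribute name gets the prefix); a sentence such as `Per-secret attributes take precedence over the generated key and sopsFile.` would make the contract explicit. The same right-biased merge means nesting `attachSopsPathPrefix` calls does not compose the prefixes into `key` — the innermost `key` survives while only the attribute name grows — which may be intended but is worth a note in its comment so callers do not expect `b/x` as the sops key. Minor wording: `interrupt` in the first comment reads as `interfere`. The enclosing `rec { … }` set begins before the hunk.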


@ -27,23 +27,6 @@ rec {
getSecret = path: ../secrets/${path}; getSecret = path: ../secrets/${path};
getSecrets = sopsFile: secrets:
let
getKey = key: { inherit key sopsFile; };
in
lib.mapAttrs
(path: attrs:
(getKey path) // attrs)
secrets;
attachSopsPathPrefix = prefix: secrets:
lib.mapAttrs'
(key: settings:
lib.nameValuePair
"${prefix}/${key}"
({ inherit key; } // settings))
secrets;
isInternal = config: config ? _isInsideFds && config._isInsideFds; isInternal = config: config ? _isInsideFds && config._isInsideFds;
getUsers = type: users: getUsers = type: users: