alarsyo/nixos-config
alarsyo/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

secrets: list secrets used on host explicitly

Browse source
This commit is contained in:
Antoine Martin 2022-01-21 01:40:53 +01:00
parent 8881850730
commit 096c2abb02
5 changed files with 41 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hosts/boreal/default.nix
View file

@ -9,6 +9,8 @@
./hardware-configuration.nix ./hardware-configuration.nix
./home.nix ./home.nix
./secrets.nix
]; ];
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;

19
hosts/boreal/secrets.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, lib, options, ... }:
{
config.age = {
secrets =
let
toSecret = name: { ... }@attrs: {
file = ./../../modules/secrets + "/${name}.age";
} // attrs;
in
lib.mapAttrs toSecret {
"restic-backup/boreal-credentials" = {};
"restic-backup/boreal-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}

1
hosts/zephyrus/default.nix
View file

@ -8,6 +8,7 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./home.nix ./home.nix
./secrets.nix
]; ];
boot.kernelPackages = pkgs.linuxPackages; boot.kernelPackages = pkgs.linuxPackages;

19
hosts/zephyrus/secrets.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, lib, options, ... }:
{
config.age = {
secrets =
let
toSecret = name: { ... }@attrs: {
file = ./../../modules/secrets + "/${name}.age";
} // attrs;
in
lib.mapAttrs toSecret {
"restic-backup/zephyrus-credentials" = {};
"restic-backup/zephyrus-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}

15
modules/secrets/default.nix
View file

@ -2,21 +2,6 @@
{ {
config.age = { config.age = {
secrets =
let
toName = lib.removeSuffix ".age";
userExists = u: builtins.hasAttr u config.users.users;
# Only set the user if it exists, to avoid warnings
userIfExists = u: if userExists u then u else "root";
toSecret = name: { owner ? "root", ... }: {
file = ./. + "/${name}";
owner = lib.mkDefault (userIfExists owner);
};
convertSecrets = n: v: lib.nameValuePair (toName n) (toSecret n v);
secrets = import ./secrets.nix;
in
lib.mapAttrs' convertSecrets secrets;
identityPaths = options.age.identityPaths.default ++ [ identityPaths = options.age.identityPaths.default ++ [
"/home/alarsyo/.ssh/id_ed25519" "/home/alarsyo/.ssh/id_ed25519"
]; ];