lib/flake-helper.nix: Automatically load sops secrets

2024-04-21 15:51:25 +02:00 · 2024-04-21 15:51:25 +02:00 · 22512de722
parent 63c60391cc
commit 22512de722
2 changed files with 10 additions and 3 deletions
--- a/hosts/dn42-ildix-service/configuration.nix
+++ b/hosts/dn42-ildix-service/configuration.nix
@ -45,8 +45,6 @@
    autoUpgrade = true;
  };

-  sops.secrets.wg-monitoring = {};
-
  clerie.monitoring = {
    enable = true;
    id = "391";
--- a/lib/flake-helper.nix
+++ b/lib/flake-helper.nix
@ -54,8 +54,17 @@ rec {
        }) (lib.filterAttrs (name: type: (type == "regular") && (lib.hasSuffix ".age" name) ) (if builtins.pathExists secretsPath then builtins.readDir secretsPath else {}));
      })
      # Automatically load secrets from sops file for host
-      ({ ... }: {
+      ({ config, lib, ... }: {
        sops.defaultSopsFile = ../hosts + "/${name}/secrets.json";
+        sops.secrets = let
+          secretFile = config.sops.defaultSopsFile;
+          secretNames = builtins.filter (name: name != "sops") (builtins.attrNames (builtins.fromJSON (builtins.readFile secretFile)));
+          secrets = if builtins.pathExists secretFile then
+            lib.listToAttrs (builtins.map (name: lib.nameValuePair name {}) secretNames)
+          else
+            {};
+        in
+          secrets;
      })
    ];
  };