From 22512de722187fa6c6f3b7a18d266fcd8ee562b9 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Sun, 21 Apr 2024 15:51:25 +0200
Subject: [PATCH] lib/flake-helper.nix: Automatically load sops secrets

---
 hosts/dn42-ildix-service/configuration.nix |  2 --
 lib/flake-helper.nix                       | 11 ++++++++++-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/hosts/dn42-ildix-service/configuration.nix b/hosts/dn42-ildix-service/configuration.nix
index 895bc5a..dae07f6 100644
--- a/hosts/dn42-ildix-service/configuration.nix
+++ b/hosts/dn42-ildix-service/configuration.nix
@@ -45,8 +45,6 @@
     autoUpgrade = true;
   };
 
-  sops.secrets.wg-monitoring = {};
-
   clerie.monitoring = {
     enable = true;
     id = "391";
diff --git a/lib/flake-helper.nix b/lib/flake-helper.nix
index ed8e299..e852414 100644
--- a/lib/flake-helper.nix
+++ b/lib/flake-helper.nix
@@ -54,8 +54,17 @@ rec {
         }) (lib.filterAttrs (name: type: (type == "regular") && (lib.hasSuffix ".age" name) ) (if builtins.pathExists secretsPath then builtins.readDir secretsPath else {}));
       })
       # Automatically load secrets from sops file for host
-      ({ ... }: {
+      ({ config, lib, ... }: {
         sops.defaultSopsFile = ../hosts + "/${name}/secrets.json";
+        sops.secrets = let
+          secretFile = config.sops.defaultSopsFile;
+          secretNames = builtins.filter (name: name != "sops") (builtins.attrNames (builtins.fromJSON (builtins.readFile secretFile)));
+          secrets = if builtins.pathExists secretFile then
+            lib.listToAttrs (builtins.map (name: lib.nameValuePair name {}) secretNames)
+          else
+            {};
+        in
+          secrets;
       })
     ];
   };