From 22512de722187fa6c6f3b7a18d266fcd8ee562b9 Mon Sep 17 00:00:00 2001
From: clerie
Date: Sun, 21 Apr 2024 15:51:25 +0200
Subject: [PATCH] lib/flake-helper.nix: Automatically load sops secrets

---
 hosts/dn42-ildix-service/configuration.nix |  2 --
 lib/flake-helper.nix                       | 11 ++++++++++-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/hosts/dn42-ildix-service/configuration.nix b/hosts/dn42-ildix-service/configuration.nix
index 895bc5a..dae07f6 100644
--- a/hosts/dn42-ildix-service/configuration.nix
+++ b/hosts/dn42-ildix-service/configuration.nix
@@ -45,8 +45,6 @@
     autoUpgrade = true;
   };
 
-  sops.secrets.wg-monitoring = {};
-
   clerie.monitoring = {
     enable = true;
     id = "391";
diff --git a/lib/flake-helper.nix b/lib/flake-helper.nix
index ed8e299..e852414 100644
--- a/lib/flake-helper.nix
+++ b/lib/flake-helper.nix
@@ -54,8 +54,17 @@ rec {
       }) (lib.filterAttrs (name: type: (type == "regular") && (lib.hasSuffix ".age" name) ) (if builtins.pathExists secretsPath then builtins.readDir secretsPath else {}));
     })
     # Automatically load secrets from sops file for host
-    ({ ... }: {
+    ({ config, lib, ... }: {
       sops.defaultSopsFile = ../hosts + "/${name}/secrets.json";
+      sops.secrets = let
+        secretFile = config.sops.defaultSopsFile;
+        secretNames = builtins.filter (name: name != "sops") (builtins.attrNames (builtins.fromJSON (builtins.readFile secretFile)));
+        secrets = if builtins.pathExists secretFile then
+          lib.listToAttrs (builtins.map (name: lib.nameValuePair name {}) secretNames)
+        else
+          {};
+      in
+        secrets;
     })
   ];
 };
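Review bot: The new `sops.secrets` let-block in lib/flake-helper.nix declares every top-level key of `secrets.json` except `sops` as a secret, so a key whose value is a nested object (sops stores nested keys as objects, which sops-nix addresses via `key = "a/b"`) would presumably be declared as a `/run/secrets/<name>` file and fail at install time rather than being skipped; restricting the scan to string values with `builtins.isString` avoids that. It also changes the model from per-host opt-in to "everything in the file is decrypted onto the host with sops-nix's default owner and mode", which is reasonable for a personal repo but deserves a comment such as `# every string-valued key of secrets.json is materialised under /run/secrets; override owner/mode per host` since the file's key names now double as filesystem path components. The lambda parameter `name` shadows the host `name` used on the `defaultSopsFile` line; `secretName` reads better. Reading the path expression directly instead of `config.sops.defaultSopsFile` keeps `fromJSON` from breaking if another module overrides `defaultSopsFile` with a YAML file. The enclosing module list and `rec { … }` attribute start above the hunk.
```nix
      sops.defaultSopsFile = ../hosts + "/${name}/secrets.json";
      # Every string-valued top-level key of the host's secrets.json becomes a
      # secret named after the key; `sops` is the sops metadata block and nested
      # objects are not single secrets, so both are skipped. Hosts still add
      # owner/group/mode per secret via normal module merging.
      sops.secrets = let
        secretFile = ../hosts + "/${name}/secrets.json";
        plainSecrets = lib.filterAttrs (secretName: value: secretName != "sops" && builtins.isString value)
          (builtins.fromJSON (builtins.readFile secretFile));
      in
        if builtins.pathExists secretFile then lib.mapAttrs (_: _: {}) plainSecrets else {};
```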