clerie/nixfiles
1
0
Fork 0
Code

lib/flake-helper.nix: Automatically load sops secrets

Browse Source
This commit is contained in:
clerie 2024-04-21 15:51:25 +02:00
parent 63c60391cc
commit 22512de722
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/dn42-ildix-service/configuration.nix
View File

@ -45,8 +45,6 @@
autoUpgrade = true; autoUpgrade = true;
}; };
sops.secrets.wg-monitoring = {};
clerie.monitoring = { clerie.monitoring = {
enable = true; enable = true;
id = "391"; id = "391";

11
lib/flake-helper.nix
View File

@ -54,8 +54,17 @@ rec {
}) (lib.filterAttrs (name: type: (type == "regular") && (lib.hasSuffix ".age" name) ) (if builtins.pathExists secretsPath then builtins.readDir secretsPath else {})); }) (lib.filterAttrs (name: type: (type == "regular") && (lib.hasSuffix ".age" name) ) (if builtins.pathExists secretsPath then builtins.readDir secretsPath else {}));
}) })
# Automatically load secrets from sops file for host # Automatically load secrets from sops file for host
({ ... }: { ({ config, lib, ... }: {
sops.defaultSopsFile = ../hosts + "/${name}/secrets.json"; sops.defaultSopsFile = ../hosts + "/${name}/secrets.json";
sops.secrets = let
secretFile = config.sops.defaultSopsFile;
secretNames = builtins.filter (name: name != "sops") (builtins.attrNames (builtins.fromJSON (builtins.readFile secretFile)));
secrets = if builtins.pathExists secretFile then
lib.listToAttrs (builtins.map (name: lib.nameValuePair name {}) secretNames)
else
{};
in
secrets;
}) })
]; ];
}; };