lib/flake-helper.nix: Automatically load secrets from hosts secrets directory

2023-05-01 12:09:47 +02:00 · 2023-05-01 12:09:47 +02:00 · d2472c79ee
parent 09b043c26c
commit d2472c79ee
3 changed files with 8 additions and 7 deletions
--- a/hosts/clerie-backup/configuration.nix
+++ b/hosts/clerie-backup/configuration.nix
@ -6,8 +6,6 @@
      ./hardware-configuration.nix
      ../../configuration/proxmox-vm

-      ./secrets
-
      ./restic-server.nix
    ];

--- a/hosts/clerie-backup/secrets/default.nix
+++ b/hosts/clerie-backup/secrets/default.nix
@ -1,5 +0,0 @@
-{ ... }:
-
-{
-  age.secrets.restic-server-cyan-htpasswd.file = ./restic-server-cyan-htpasswd.age;
-}
--- a/lib/flake-helper.nix
+++ b/lib/flake-helper.nix
@ -31,6 +31,14 @@ rec {
      agenix.nixosModules.default
      solid-xmpp-alarm.nixosModules.solid-xmpp-alarm
      (../hosts + "/${name}/configuration.nix")
+      # Automatically load secrets from the hosts secrets directory
+      ({ lib, ... }: let
+        secretsPath = ../hosts + "/${name}/secrets";
+      in {
+        age.secrets = lib.mapAttrs' (filename: _: lib.nameValuePair (lib.removeSuffix ".age" filename) {
+          file = secretsPath + "/${filename}";
+        }) (lib.filterAttrs (name: type: (type == "regular") && (lib.hasSuffix ".age" name) ) (if builtins.pathExists secretsPath then builtins.readDir secretsPath else {}));
+      })
    ];
  };