From 4b6b3bba3d0be64fdeade36c90f48a392a82ff21 Mon Sep 17 00:00:00 2001
From: Ryan Mulligan
Date: Tue, 1 Sep 2020 14:27:54 -0700
Subject: [PATCH] move installation instructions to top they are the most important part for someone to review
---
 modules/age.nix | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/modules/age.nix b/modules/age.nix
index 4ec6f3b..32bb15e 100644
--- a/modules/age.nix
+++ b/modules/age.nix
@@ -6,7 +6,15 @@ let
 cfg = config.age;
 users = config.users.users;
- age-install-secrets = (pkgs.callPackage ../.. {}).age-install-secrets;
+ installSecret = secretType: ''
+ TMP_DIR=$(mktemp -d)
+ TMP_FILE="$TMP_DIR/file"
+ (umask 0400; ${pkgs.age}/bin/age --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
+ install -o '${secretType.owner}' -g '${secretType.group}' -m '${secretType.mode}' "$TMP_FILE" '${secretType.path}'
+ rm -rf "$TMP_DIR"
+ '';
+
+ installAllSecrets = builtins.concatStringsSep (map installSecret (builtins.attrValues cfg.secrets));
 secretType = types.submodule ({ config, ... }: {
 options = {
@@ -60,16 +68,6 @@ let
 identities = builtins.concatStringsSep " " (map (path: "-i ${path}") cfg.sshKeyPaths);
- installSecret = secretType: ''
- TMP_DIR=$(mktemp -d)
- TMP_FILE="$TMP_DIR/file"
- (umask 0400; ${pkgs.age}/bin/age --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
- install -o '${secretType.owner}' -g '${secretType.group}' -m '${secretType.mode}' "$TMP_FILE" '${secretType.path}'
- rm -rf "$TMP_DIR"
- '';
-
- installAllSecrets = builtins.concatStringsSep (map installSecret (builtins.attrValues cfg.secrets));
-
 in {
 options.age = {
 secrets = mkOption {
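Review bot: `umask 0400` in `installSecret` clears only the owner-read bit, so the decrypted file at `$TMP_FILE` keeps whatever group and other permission bits age requests when it creates the output (age's creation mode is not visible here), and the plaintext is then protected only by the private directory that `mktemp -d` creates. A mask that strips group and other access states the intent directly: `(umask 077; ${pkgs.age}/bin/age --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")`. Separately, `installAllSecrets` passes `builtins.concatStringsSep` the list but no separator, which yields a partially applied function rather than a script string; `builtins.concatStringsSep "\n" (map installSecret (builtins.attrValues cfg.secrets))` is presumably what was meant. The snippet also runs `install` even when decryption fails, so an explicit check or `set -e` before `install` would be worth adding; the place where the script is used lies outside the hunk.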