move installation instructions to top

they are the most important part for someone to review
Ryan Mulligan 2020-09-01 14:27:54 -07:00
parent 568dede67c
commit 4b6b3bba3d


@ -6,7 +6,15 @@ let
cfg = config.age; cfg = config.age;
users = config.users.users; users = config.users.users;
age-install-secrets = (pkgs.callPackage ../.. {}).age-install-secrets; installSecret = secretType: ''
TMP_DIR=$(mktemp -d)
TMP_FILE="$TMP_DIR/file"
(umask 0400; ${pkgs.age}/bin/age --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
install -o '${secretType.owner}' -g '${secretType.group}' -m '${secretType.mode}' "$TMP_FILE" '${secretType.path}'
rm -rf "$TMP_DIR"
'';
installAllSecrets = builtins.concatStringsSep (map installSecret (builtins.attrValues cfg.secrets));
secretType = types.submodule ({ config, ... }: { secretType = types.submodule ({ config, ... }: {
options = { options = {
@ -60,16 +68,6 @@ let
identities = builtins.concatStringsSep " " (map (path: "-i ${path}") cfg.sshKeyPaths); identities = builtins.concatStringsSep " " (map (path: "-i ${path}") cfg.sshKeyPaths);
installSecret = secretType: ''
TMP_DIR=$(mktemp -d)
TMP_FILE="$TMP_DIR/file"
(umask 0400; ${pkgs.age}/bin/age --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
install -o '${secretType.owner}' -g '${secretType.group}' -m '${secretType.mode}' "$TMP_FILE" '${secretType.path}'
rm -rf "$TMP_DIR"
'';
installAllSecrets = builtins.concatStringsSep (map installSecret (builtins.attrValues cfg.secrets));
in { in {
options.age = { options.age = {
secrets = mkOption { secrets = mkOption {
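Review bot: In the relocated `installSecret` (first hunk), `umask 0400` masks only the owner-read bit, so a file created with the usual 0666 request ends up 0266: open to group and others and unreadable by its owner. Only the 0700 directory from `mktemp -d` keeps the plaintext private. `(umask 0077; ${pkgs.age}/bin/age --decrypt …)` would make the decrypted file owner-only regardless of the directory. Separately, `installAllSecrets` passes a single argument to `builtins.concatStringsSep`, which yields a partially applied function rather than a string; `builtins.concatStringsSep "\n" (map installSecret (builtins.attrValues cfg.secrets))` looks like the intent. Since `rm -rf "$TMP_DIR"` runs only as the last step, a `trap` on exit would help ensure a failed `install` does not leave the decrypted file behind, depending on how the enclosing script (not visible here) handles errors.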