mynix/agenix
1
0
Fork 0
mirror of https://github.com/ryantm/agenix.git synced 2024-11-22 09:40:47 +03:00
Code Issues Projects Releases Packages Wiki Activity

move installation instructions to top

Browse source 
they are the most important part for someone to review
This commit is contained in:
Ryan Mulligan 2020-09-01 14:27:54 -07:00
parent 568dede67c
commit 4b6b3bba3d
1 changed files with 9 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
modules/age.nix
View file

@ -6,7 +6,15 @@ let
cfg = config.age; cfg = config.age;
users = config.users.users; users = config.users.users;
age-install-secrets = (pkgs.callPackage ../.. {}).age-install-secrets; installSecret = secretType: ''
TMP_DIR=$(mktemp -d)
TMP_FILE="$TMP_DIR/file"
(umask 0400; ${pkgs.age}/bin/age --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
install -o '${secretType.owner}' -g '${secretType.group}' -m '${secretType.mode}' "$TMP_FILE" '${secretType.path}'
rm -rf "$TMP_DIR"
'';
installAllSecrets = builtins.concatStringsSep (map installSecret (builtins.attrValues cfg.secrets));
secretType = types.submodule ({ config, ... }: { secretType = types.submodule ({ config, ... }: {
options = { options = {
@ -60,16 +68,6 @@ let
identities = builtins.concatStringsSep " " (map (path: "-i ${path}") cfg.sshKeyPaths); identities = builtins.concatStringsSep " " (map (path: "-i ${path}") cfg.sshKeyPaths);
installSecret = secretType: ''
TMP_DIR=$(mktemp -d)
TMP_FILE="$TMP_DIR/file"
(umask 0400; ${pkgs.age}/bin/age --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
install -o '${secretType.owner}' -g '${secretType.group}' -m '${secretType.mode}' "$TMP_FILE" '${secretType.path}'
rm -rf "$TMP_DIR"
'';
installAllSecrets = builtins.concatStringsSep (map installSecret (builtins.attrValues cfg.secrets));
in { in {
options.age = { options.age = {
secrets = mkOption { secrets = mkOption {