secrets: register agenix secrets automatically

2021-09-24 18:37:36 +02:00 · 2021-09-24 18:37:36 +02:00 · 1cf93825b2
parent 8a2aad9b54
commit 1cf93825b2
1 changed files with 20 additions and 1 deletions
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -1,4 +1,4 @@
-{ inputs, lib, ... }:
+{ inputs, lib, options, ... }:

 with lib;
 let
@ -30,6 +30,25 @@ throwOnCanary {
      valueType;
  };

+  config.age = {
+    secrets =
+      let
+        toName = removeSuffix ".age";
+        toSecret = name: _: {
+          file = ./. + "/${name}";
+          owner = mkDefault "root";
+        };
+        convertSecrets = n: v: nameValuePair (toName n) (toSecret n v);
+        secrets = import ./secrets.nix;
+      in
+      lib.mapAttrs' convertSecrets secrets;
+
+    sshKeyPaths = options.age.sshKeyPaths.default ++ [
+      # FIXME: hard-coded path, could be inexistent
+      "/home/ambroisie/.ssh/id_ed25519"
+    ];
+  };
+
  config.my.secrets = {
    acme.key = fileContents ./acme/key.env;