From 1cf93825b21580bd9ad7f7cf1884ca7539dcf146 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI
Date: Fri, 24 Sep 2021 18:37:36 +0200
Subject: [PATCH] secrets: register agenix secrets automatically
---
 secrets/default.nix | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/secrets/default.nix b/secrets/default.nix
index 5baf964..ed7cae5 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -1,4 +1,4 @@
-{ inputs, lib, ... }:
+{ inputs, lib, options, ... }:
 with lib;
 let
@@ -30,6 +30,25 @@ throwOnCanary {
 valueType;
 };
+ config.age = {
+ secrets =
+ let
+ toName = removeSuffix ".age";
+ toSecret = name: _: {
+ file = ./. + "/${name}";
+ owner = mkDefault "root";
+ };
+ convertSecrets = n: v: nameValuePair (toName n) (toSecret n v);
+ secrets = import ./secrets.nix;
+ in
+ lib.mapAttrs' convertSecrets secrets;
+
+ sshKeyPaths = options.age.sshKeyPaths.default ++ [
+ # FIXME: hard-coded path, could be inexistent
+ "/home/ambroisie/.ssh/id_ed25519"
+ ];
+ };
+
 config.my.secrets = {
 acme.key = fileContents ./acme/key.env;
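Review bot: The `sshKeyPaths` list added at the end of `config.age` makes one user's personal private key, `/home/ambroisie/.ssh/id_ed25519`, a decryption identity on every host that imports this module, and the FIXME already admits the file may not exist there. Decryption of system secrets then depends on a key kept in a home directory, which is typically copied and backed up more widely than a host key and, if it is passphrase-protected, presumably cannot be used non-interactively at activation. I would make that entry opt-in per host and leave the default at `options.age.sshKeyPaths.default`, with a comment such as `# personal key: only for hosts where this user exists and is a recipient in secrets.nix`. Separately, `convertSecrets` registers every entry of `secrets.nix` on every host, so a host that is not a recipient of a given file would probably fail to decrypt it; this is inferred, since `secrets.nix` is not shown. The enclosing `throwOnCanary { … }` attribute set starts before and continues past this hunk.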