ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

hosts: nixos: add host-specific secrets module

Browse source 
This is the same logic as the common module, but for secrets that don't
need to be shared to different hosts.
This commit is contained in:
Bruno BELANYI 2023-04-13 16:48:37 +00:00
parent 34a3f9a0d6
commit 57008bcb7c
7 changed files with 70 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
hosts/nixos/aramis/default.nix
View file

@ -12,6 +12,7 @@
./networking.nix ./networking.nix
./profiles.nix ./profiles.nix
./programs.nix ./programs.nix
./secrets
./services.nix ./services.nix
./sound.nix ./sound.nix
]; ];

20
hosts/nixos/aramis/secrets/default.nix Normal file
View file

@ -0,0 +1,20 @@
{ config, lib, ... }:
{
config.age = {
secrets =
let
toName = lib.removeSuffix ".age";
userExists = u: builtins.hasAttr u config.users.users;
# Only set the user if it exists, to avoid warnings
userIfExists = u: if userExists u then u else "root";
toSecret = name: { owner ? "root", ... }: {
file = ./. + "/${name}";
owner = lib.mkDefault (userIfExists owner);
};
convertSecrets = n: v: lib.nameValuePair (toName n) (toSecret n v);
secrets = import ./secrets.nix;
in
lib.mapAttrs' convertSecrets secrets;
};
}

13
hosts/nixos/aramis/secrets/secrets.nix Normal file
View file

@ -0,0 +1,13 @@
# Host-specific secrets
let
keys = import ../../../../keys;
all = [
# This host is a laptop, it does not have a host key
# Allow me to modify the secrets anywhere
keys.users.ambroisie
];
in
{
# Add secrets here
}

1
hosts/nixos/porthos/default.nix
View file

@ -7,6 +7,7 @@
./hardware.nix ./hardware.nix
./home.nix ./home.nix
./networking.nix ./networking.nix
./secrets
./services.nix ./services.nix
./users.nix ./users.nix
]; ];

20
hosts/nixos/porthos/secrets/default.nix Normal file
View file

@ -0,0 +1,20 @@
{ config, lib, ... }:
{
config.age = {
secrets =
let
toName = lib.removeSuffix ".age";
userExists = u: builtins.hasAttr u config.users.users;
# Only set the user if it exists, to avoid warnings
userIfExists = u: if userExists u then u else "root";
toSecret = name: { owner ? "root", ... }: {
file = ./. + "/${name}";
owner = lib.mkDefault (userIfExists owner);
};
convertSecrets = n: v: lib.nameValuePair (toName n) (toSecret n v);
secrets = import ./secrets.nix;
in
lib.mapAttrs' convertSecrets secrets;
};
}

14
hosts/nixos/porthos/secrets/secrets.nix Normal file
View file

@ -0,0 +1,14 @@
# Host-specific secrets
let
keys = import ../../../../keys;
all = [
# Host key
keys.hosts.porthos
# Allow me to modify the secrets anywhere
keys.users.ambroisie
];
in
{
# Add secrets here
}

1
modules/secrets/secrets.nix
View file

@ -1,3 +1,4 @@
# Common secrets
let let
keys = import ../../keys; keys = import ../../keys;