authorFranck Cuny <franck@fcuny.net>2022-06-10 11:42:32 -0700
committerFranck Cuny <franck@fcuny.net>2022-06-10 13:12:35 -0700
commit98e01cdbfa047a32c1beb73438c5b93ca0592978 (patch)
tree403b462f1b6d6e4432c010e8f47e179e3e730a97 /modules/secrets
parentdocs(gerrit): document various things (diff)
fix(fmt): correct formatting for all nix files
This was done by running `nixpkgs-fmt .`. Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295 Reviewed-on: https://cl.fcuny.net/c/world/+/404 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
Diffstat (limited to 'modules/secrets')
-rw-r--r--modules/secrets/default.nix43
1 files changed, 23 insertions, 20 deletions
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
index 04d1bfe..912d556 100644
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@@ -4,31 +4,34 @@ with lib;
let
secretsDir = "${toString ../../hosts}/${config.networking.hostName}/secrets";
secretsFile = "${secretsDir}/secrets.nix";
-in {
+in
+{
imports = [ inputs.agenix.nixosModules.age ];
config.age = {
- secrets = let
- toName = lib.removeSuffix ".age";
- userExists = u: builtins.hasAttr u config.users.users;
- groupExists = g: builtins.hasAttr g config.users.groups;
+ secrets =
+ let
+ toName = lib.removeSuffix ".age";
+ userExists = u: builtins.hasAttr u config.users.users;
+ groupExists = g: builtins.hasAttr g config.users.groups;
- # Only set the user and/or group if they exist, to avoid warnings
- userIfExists = u: if userExists u then u else "root";
- groupIfExists = g: if groupExists g then g else "root";
+ # Only set the user and/or group if they exist, to avoid warnings
+ userIfExists = u: if userExists u then u else "root";
+ groupIfExists = g: if groupExists g then g else "root";
- toSecret = name:
- { owner ? "root", group ? "root", mode ? "0400", ... }: {
- file = "${secretsDir}/${name}";
- owner = lib.mkDefault (userIfExists owner);
- group = lib.mkDefault (groupIfExists group);
- mode = mode;
- };
- in if pathExists secretsFile then
- mapAttrs' (n: v: nameValuePair (toName n) (toSecret n v))
- (import secretsFile)
- else
- { };
+ toSecret = name:
+ { owner ? "root", group ? "root", mode ? "0400", ... }: {
+ file = "${secretsDir}/${name}";
+ owner = lib.mkDefault (userIfExists owner);
+ group = lib.mkDefault (groupIfExists group);
+ mode = mode;
+ };
+ in
+ if pathExists secretsFile then
+ mapAttrs' (n: v: nameValuePair (toName n) (toSecret n v))
+ (import secretsFile)
+ else
+ { };
identityPaths = options.age.identityPaths.default ++ (filter pathExists
[ "${config.users.users.fcuny.home}/.ssh/id_ed25519" ]);
};