Diffstat (limited to 'modules/secrets/default.nix')
-rw-r--r--modules/secrets/default.nix23
1 files changed, 12 insertions, 11 deletions
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
index 556bf32..20dbfd2 100644
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@@ -1,22 +1,23 @@
{ config, inputs, lib, options, ... }:
-with builtins; {
+with builtins;
+with lib;
+let
+ secretsDir = "${toString ../../hosts}/${config.networking.hostName}/secrets";
+ secretsFile = "${secretsDir}/secrets.nix";
+in {
imports = [ inputs.agenix.nixosModules.age ];
config.age = {
secrets = let
- toName = lib.removeSuffix ".age";
userExists = u: builtins.hasAttr u config.users.users;
# Only set the user if it exists, to avoid warnings
userIfExists = u: if userExists u then u else "root";
- toSecret = name:
- { owner ? "root", ... }: {
- file = ./. + "/${name}";
- owner = lib.mkDefault (userIfExists owner);
- };
- convertSecrets = n: v: lib.nameValuePair (toName n) (toSecret n v);
- secrets = import ./secrets.nix;
- in lib.mapAttrs' convertSecrets secrets;
-
+ in if pathExists secretsFile then
+ mapAttrs' (n: _:
+ nameValuePair (removeSuffix ".age" n) { file = "${secretsDir}/${n}"; })
+ (import secretsFile)
+ else
+ { };
identityPaths = options.age.identityPaths.default ++ (filter pathExists
[ "${config.users.users.fcuny.home}/.ssh/id_ed25519" ]);
};