meta: Avoid building rbw-bitw for all hosts

kat witch 2021-09-04 19:34:09 +01:00
parent a23c94f597
commit b154039b72
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
5 changed files with 28 additions and 54 deletions


@ -0,0 +1,5 @@
{ config, lib, ... }: with lib; {
options.kw.secrets.command = mkOption {
type = types.str;
};
}
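Review bot: The new `kw.secrets.command` option is declared with only `type = types.str;`, so it has no description and no default, and a meta configuration that never sets it will presumably fail at evaluation with a generic "used but not defined" error. The secrets module changed in this same commit places the value verbatim at the start of `shellCommand`, so the option should state that contract, for example `description = "Trusted command prefix used to fetch a secret; it is placed unquoted at the start of each deploy.tf shellCommand.";`. Spelling this out makes it clear to whoever sets the option that the string is treated as a command line, not as a single escaped word.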


@ -1,4 +1,4 @@
{ config, lib, ... }:
{ config, lib, meta, ... }:
with lib;
@ -22,14 +22,12 @@ let
};
};
});
mcfg = meta.kw.secrets;
cfg = config.kw.secrets;
in
{
options.kw = {
secrets = {
command = mkOption {
type = types.str;
};
variables = mkOption {
type = types.attrsOf secretType;
default = { };
@ -48,7 +46,7 @@ in
deploy.tf.variables = mapAttrs'
(name: content:
nameValuePair name ({
value.shellCommand = "${cfg.command} ${content.path}" + optionalString (content.field != "") " -f ${content.field}";
value.shellCommand = "${mcfg.command} ${content.path}" + optionalString (content.field != "") " -f ${content.field}";
type = "string";
sensitive = true;
})
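Review bot: On the new `value.shellCommand` line, `content.path` and `content.field` are still interpolated into the command string without quoting, so a value containing whitespace or shell metacharacters would be split or interpreted if this string is run through a shell, as the attribute name suggests. With `with lib;` already in scope the two arguments can be quoted: `value.shellCommand = "${mcfg.command} ${escapeShellArg content.path}" + optionalString (content.field != "") " -f ${escapeShellArg content.field}";`. `mcfg.command` has to stay unquoted because it is a command line and not a single word, so it is worth a short comment that it is trusted configuration. The `mapAttrs'` call continues past the end of the hunk.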


@ -8,10 +8,4 @@
persistentRoot = "/var/lib/kat/secrets";
external = true;
};
kw.secrets.command =
let
bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.kw.secrets.repo.bitw.source} "$@"'';
in
"${bitw}/bin/bitw get";
}