mirror of
https://github.com/kittywitch/nixfiles.git
synced 2026-02-10 04:49:19 -08:00
57 lines
1.3 KiB
Nix
57 lines
1.3 KiB
Nix
{ config, lib, meta, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
secretType = types.submodule ({ name, ... }: {
|
|
options = {
|
|
path = mkOption { type = types.str; };
|
|
field = mkOption {
|
|
type = types.str;
|
|
default = "";
|
|
};
|
|
};
|
|
});
|
|
repoSecretType = types.submodule ({ name, ... }: {
|
|
options = {
|
|
source = mkOption {
|
|
type = types.path;
|
|
};
|
|
text = mkOption {
|
|
type = types.str;
|
|
};
|
|
};
|
|
});
|
|
mcfg = meta.kw.secrets;
|
|
cfg = config.kw.secrets;
|
|
in
|
|
{
|
|
options.kw = {
|
|
secrets = {
|
|
variables = mkOption {
|
|
type = types.attrsOf secretType;
|
|
default = { };
|
|
};
|
|
repo = mkOption {
|
|
type = types.attrsOf repoSecretType;
|
|
default = { };
|
|
};
|
|
};
|
|
};
|
|
config = lib.mkMerge [
|
|
{
|
|
kw.secrets.variables = lib.mkMerge (mapAttrsToList (username: user: user.kw.secrets.variables) config.home-manager.users);
|
|
}
|
|
(mkIf (cfg.variables != { }) {
|
|
deploy.tf.variables = mapAttrs'
|
|
(name: content:
|
|
nameValuePair name ({
|
|
value.shellCommand = "${mcfg.command} ${content.path}" + optionalString (content.field != "") " -f ${content.field}";
|
|
type = "string";
|
|
sensitive = true;
|
|
})
|
|
)
|
|
cfg.variables;
|
|
})
|
|
];
|
|
}
|