mirror of https://github.com/RGBCube/agenix synced 2025-07-30 18:27:45 +00:00

add flake

Ryan Mulligan 2020-09-02 20:49:24 -07:00
parent c77d82e784
commit 4c2fd23693
3 changed files with 30 additions and 5 deletions


@ -8,13 +8,14 @@ let
identities = builtins.concatStringsSep " " (map (path: "-i ${path}") cfg.sshKeyPaths);
installSecret = secretType: ''
TMP_DIR=$(mktemp -d)
TMP_FILE="$TMP_DIR/file"
TMP_FILE="${secretType.path}.tmp"
(umask 0400; ${pkgs.age}/bin/age --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
install -o '${secretType.owner}' -g '${secretType.group}' -m '${secretType.mode}' "$TMP_FILE" '${secretType.path}'
rm -rf "$TMP_DIR"
chmod ${secretType.mode} "$TMP_FILE"
chown ${secretType.owner}:${secretType.group} "$TMP_FILE"
mv -f "$TMP_FILE" '${secretType.path}'
'';
installAllSecrets = builtins.concatStringsSep (map installSecret (builtins.attrValues cfg.secrets));
installAllSecrets = builtins.concatStringsSep "\n" (map installSecret (builtins.attrValues cfg.secrets));
secretType = types.submodule ({ config, ... }: {
options = {