1
0
mirror of https://git.oat.zone/dark-firepit/dotfiles synced 2024-11-26 06:08:48 +01:00
git.oat.zone--dark-firepit-.../modules/agenix.nix
Jill "oatmealine" Monoids 1cb35a78d2 attempt to get agenix to work
only missing the access step!
2023-05-18 06:11:39 +02:00

32 lines
1.0 KiB
Nix

{ options, lib, inputs, pkgs, config, ... }:
with builtins;
with lib;
with lib._;
let
inherit (inputs) agenix;
secretsDir = "${toString ../hosts}/${config.networking.hostName}/secrets";
secretsFile = "${secretsDir}/secrets.nix";
in {
imports = [ agenix.nixosModules.default ];
age = let
# ugly, lazy, but works
users = map (user: "/home/${user}/.ssh") (attrNames (readDir "/home/"));
usersWithKeys = filter (path: pathExists path) users;
userIdentityPaths = concatLists (map (keysPath:
let
# find all files that are id_* and not *.pub
# todo: maybe make a startsWith / endsWith?
files = map (f: keysPath + "/" + f)
(filter (f: (substring 0 3 f == "id_") && (substring (stringLength f - 4) 4 f != ".pub"))
(attrNames (readDir keysPath)));
in files) usersWithKeys);
in {
secrets = mkMerge (map (x: {"${x}".file = "${secretsDir}/${x}";}) (attrNames (import secretsFile)));
identityPaths = options.age.identityPaths.default ++ userIdentityPaths;
};
}