nixfiles/secrets.nix

# Secret recipient rules: evaluates to an attribute set that maps each
# "secrets/<name>.age" path to { publicKeys = [ ... ]; }.
# NOTE(review): this is the shape an agenix-style rules file uses, where
# publicKeys are the recipients a secret is encrypted to. Confirm against the
# tool that consumes this file.
let
  inherit (builtins) mapAttrs attrValues readFile getFlake;

  # Load the flake in this directory so the secret declarations of every host
  # can be read. Evaluating this file therefore evaluates `my.secrets` of each
  # entry in nixosConfigurations.
  self = getFlake (toString ./.);
  inherit (self) lib;
  inherit (lib) fileContents optional flatten zipAttrsWith nameValuePair mapAttrs';

  # Repository-relative location of the encrypted file for secret `p`.
  secretPath = p: "secrets/${p}.age";

  # Keys appended to the recipient list of EVERY secret (see secretKeys).
  # Security: whoever holds the private half of .keys/dev.pub is a recipient of
  # all secrets in the repository, so that key needs the strongest protection.
  defaultKeys = [
    (fileContents .keys/dev.pub)
  ];

  # For one NixOS configuration, map each secret file it declares to a list
  # holding that host's key, or to an empty list when `my.secrets.key` is null.
  # Caveat: a host with a null key adds no recipient of its own, so the secret
  # ends up encrypted only to defaultKeys and to other hosts declaring the file.
  hostRecipients = c:
    let
      cfg = c.config.my.secrets;
      hostKey = optional (cfg.key != null) cfg.key;
    in
    mapAttrs' (f: _: nameValuePair (secretPath f) hostKey) cfg.files;

  # Merge the per-host maps: a secret declared by several hosts collects all of
  # their keys, and defaultKeys is appended after them. The list is not
  # de-duplicated.
  # NOTE(review): dropping a host or key here only changes future encryption.
  # Already-encrypted files presumably keep their old recipients until they are
  # re-encrypted, and the secret value itself should be rotated as well.
  secretKeys =
    zipAttrsWith
      (_: keys: flatten (keys ++ defaultKeys))
      (map hostRecipients (attrValues self.nixosConfigurations));
in
mapAttrs (_: keys: { publicKeys = keys; }) secretKeys