Add secret support

2022-02-22 00:59:57 +00:00
parent ac31486f6b
commit 8c61cea30d
19 changed files with 71 additions and 11 deletions
--- a/secrets.nix
+++ b/secrets.nix
@@ -0,0 +1,24 @@
+let
+  self = getFlake (toString ./.);
+  inherit (self) lib;
+
+  inherit (builtins) mapAttrs attrValues readFile getFlake;
+  inherit (lib) optional flatten zipAttrsWith nameValuePair mapAttrs';
+
+  secretPath = p: "secrets/${p}.age";
+
+  defaultKeys = [
+    (readFile .keys/dev.pub)
+  ];
+  secretKeys =
+    zipAttrsWith
+      (_: keys: flatten (keys ++ defaultKeys))
+      (map
+        (c: let cfg = c.config.my.secrets; in mapAttrs'
+          (f: _: nameValuePair
+            (secretPath f)
+            (optional (cfg.key != null) cfg.key))
+          cfg.files)
+        (attrValues self.nixosConfigurations));
+in
+mapAttrs (_: keys: { publicKeys = keys; }) secretKeys