dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Add secrets support to dev VMs

Browse Source
This commit is contained in:
Jack O'Sullivan
2022-02-22 01:30:27 +00:00
parent 8c61cea30d
commit fcad909111
3 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
devshell/commands.nix
View File

@@ -1,6 +1,7 @@
{ pkgs, ... }: { pkgs, ... }:
let let
homeFlake = "$HOME/.config/nixpkgs/flake.nix"; homeFlake = "$HOME/.config/nixpkgs/flake.nix";
devKey = ".keys/dev.key";
in in
{ {
commands = [ commands = [
@@ -67,7 +68,9 @@ in
command = command =
'' ''
cd "$PRJ_ROOT" cd "$PRJ_ROOT"
nix run ".#nixosConfigurations.\"$1\".config.my.buildAs.devVM" tmp="$(mktemp -d nix-vm.XXXXXXXXXX --tmpdir)"
install -Dm0400 "${devKey}" "$tmp/xchg/dev.key"
TMPDIR="$tmp" USE_TMPDIR=1 nix run ".#nixosConfigurations.\"$1\".config.my.buildAs.devVM"
''; '';
} }
{ {

1
nixos/modules/build.nix
View File

@@ -62,6 +62,7 @@ in
virtualisation = { virtualisation = {
diskImage = dummyOption; diskImage = dummyOption;
forwardPorts = dummyOption; forwardPorts = dummyOption;
sharedDirectories = dummyOption;
}; };
}; };

10
nixos/modules/secrets.nix
View File

@@ -1,6 +1,7 @@
{ lib, config, secretsPath, ... }: { lib, config, secretsPath, ... }:
let let
inherit (builtins) mapAttrs; inherit (builtins) mapAttrs;
inherit (lib) mkMerge mkIf;
inherit (lib.my) mkOpt'; inherit (lib.my) mkOpt';
cfg = config.my.secrets; cfg = config.my.secrets;
@@ -11,7 +12,14 @@ in
files = mkOpt' (attrsOf unspecified) { } "Secrets to decrypt with agenix."; files = mkOpt' (attrsOf unspecified) { } "Secrets to decrypt with agenix.";
}; };
config.age.secrets = mapAttrs (f: opts: { config = mkMerge [
{
age.secrets = mapAttrs (f: opts: {
file = "${secretsPath}/${f}.age"; file = "${secretsPath}/${f}.age";
} // opts) cfg.files; } // opts) cfg.files;
}
(mkIf config.my.build.isDevVM {
age.identityPaths = [ "/tmp/xchg/dev.key" ];
})
];
} }