Diffstat (limited to 'options.nix')
| -rw-r--r-- | options.nix | 29 |
1 files changed, 17 insertions, 12 deletions
diff --git a/options.nix b/options.nix
index 5fa70dc..8531404 100644
--- a/options.nix
+++ b/options.nix
@@ -1,4 +1,4 @@
-{ pkgs, lib }:
+{ config, pkgs, lib, ... }:
 {
   options.secrets = {
@@ -47,18 +47,19 @@
       example = {
         mattermost = {
           path = "/etc/nixos/secrets/mattermost.key";
-          script = "touch /etc/nixos/secrets/mattermost.key"
+          script = "touch /etc/nixos/secrets/mattermost.key";
         };
         neooffice = {
           path = "/etc/nixos/secrets/neooffice.key";
-          script = "head -c 32 /dev/urandom > /etc/nixos/secrets/neooffice.key"
+          script =
+            "head -c 32 /dev/urandom > /etc/nixos/secrets/neooffice.key";
         };
       };
-      type = lib.types.attrsOf lib.types.submodule = {
+      type = lib.types.attrsOf (lib.types.submodule {
         options = {
-          path = {
+          path = lib.mkOption {
             type = lib.types.pathWith {
               absolute = true;
               inStore = false;
@@ -74,7 +75,7 @@
             example = "/etc/nixos/secrets/neooffice.key";
           };
-          script = {
+          script = lib.mkOption {
             type = lib.types.lines;
             description = ''
               An internal value which is part of `secrets.export`, used by
@@ -90,18 +91,22 @@
             '';
           };
         };
-      };
+      });
     };
   };
-  config.secrets.export = { config, pkgs, ... }:
+  config.secrets.export =
     let
       exportSecret = name: secret: {
-        path = "/etc/nixos/secrets/${secret.file}";
+        path = "/etc/nixos/secrets/${secret.filename}";
+
+        # In defiance of the usual code style, we leave off the trailing
+        # newline here because that makes life easier when writing test
+        # cases (see `checks.nix`), which would otherwise have to add an
+        # extra one.
         script = ''
           #!${pkgs.bash}/bin/bash
-          ${secret.script}
-          '';
+          ${secret.script}'';
       };
-    in mapAttrs exportSecret config.secrets.secrets;
+    in builtins.mapAttrs exportSecret config.secrets.secrets;
 } |
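Review bot: The `neooffice` example in the second hunk writes key material with a plain redirection, so the file is created under whatever umask the script runs with (commonly 022, leaving the key world-readable) unless the runner of these scripts already sets a restrictive one; the example should set it explicitly, e.g. `script = "(umask 077; head -c 32 /dev/urandom > /etc/nixos/secrets/neooffice.key)";`, and the `touch` example has the same problem. How the exported scripts are executed is not visible in this diff, so if a restrictive umask is already imposed there, the `description` of `script` (its text continues outside the hunk) should say so, since these examples are what users copy. The enclosing `options.secrets` attrset starts before and ends after this hunk.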
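Review bot: In the last hunk the wrapper built by `exportSecret` runs `${secret.script}` under `#!${pkgs.bash}/bin/bash` with no error handling, so a failing command inside a secret's script (a truncated write, for instance) still exits 0 and leaves a partial or empty file at `path`; put `set -euo pipefail` on the line between the shebang and the interpolated script. `secret.filename` is interpolated directly into `/etc/nixos/secrets/…`, and its option type is not in this diff, so whether it can carry `/` or `..` cannot be confirmed from here — if it is an unconstrained string, constrain it (e.g. `lib.types.strMatching "[^/]+"`) or document that callers must keep it a bare file name. The `name` parameter of `exportSecret` is unused and could be written `_name` to make that explicit.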