+
oluceps committed Sep 22, 2024
1 parent 73828f4 commit d5c294d
Showing 4 changed files with 25 additions and 6 deletions.
6 changes: 3 additions & 3 deletions apps/renc.nix
Expand Up @@ -7,7 +7,7 @@
}:
let
inherit (pkgs) writeShellScriptBin;
inherit (pkgs.lib) concatStringsSep traceVal;
inherit (pkgs.lib) concatStringsSep;
inherit (builtins) attrValues;

vaultixs = map (n: n.config.vaultix) (attrValues nodes);
Expand All @@ -19,9 +19,9 @@ writeShellScriptBin "renc" (
map (
n:
let
a = (pkgs.formats.toml { }).generate "secretsMetadata" n;
profile = (pkgs.formats.toml { }).generate "secretsMetadata" n;
in
"${bin} ${a} renc"
"${bin} ${profile} renc"
) vaultixs
)
)
19 changes: 17 additions & 2 deletions module/default.nix
Expand Up @@ -13,6 +13,7 @@ let
isAttrs
isPath
readFile
mkPackageOption
literalExpression
mkEnableOption
mkIf
Expand Down Expand Up @@ -310,6 +311,8 @@ in
{
options.vaultix = {

package = mkPackageOption pkgs "vaultix" { };

settings = mkOption {
type = settingsType;
default = { };
Expand All @@ -330,9 +333,21 @@ in

config =
let
secretsMetadata = (pkgs.formats.toml { }).generate "secretsMetadata" (cfg);
profile = (pkgs.formats.toml { }).generate "secretsMetadata" (cfg);
in
mkIf (sysusers && storageExist) {
test = secretsMetadata;
test = profile;

systemd.services.agenix-install-secrets = {
wantedBy = [ "sysinit.target" ];
after = [ "systemd-sysusers.service" ];
unitConfig.DefaultDependencies = "no";

serviceConfig = {
Type = "oneshot";
ExecStart = "${lib.getExe cfg.package} ${profile} deploy";
RemainAfterExit = true;
};
};
};
}
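Review bot: The new unit in the `config` block is declared as `systemd.services.agenix-install-secrets`, but its `ExecStart` runs `cfg.package` (vaultix) with the `deploy` subcommand, so the name misattributes which tool decrypts secrets at boot. Units that consume the deployed secrets have to order themselves after this one by name, and a host that also imports the agenix module (which, as far as I know, defines a unit with this same name under sysusers) would end up merging or conflicting the two definitions; I would rename it to `systemd.services.vaultix-install-secrets`. `test = profile;` sets a top-level `test` option and looks like a debugging leftover that could be dropped now that `profile` is consumed by `ExecStart`. Since `profile` is a generated store path and therefore world-readable, a short comment such as `# profile lives in the Nix store: must contain only paths and metadata, never key material` would record that assumption. `cfg`, `sysusers` and `storageExist` are defined outside the visible hunks.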
1 change: 0 additions & 1 deletion src/cmd/deploy.rs
Expand Up @@ -164,7 +164,6 @@ impl Profile {

file
};
// TODO: permission and so on
the_file
.write_all(&decrypted)
.expect("write decrypted file error")
5 changes: 5 additions & 0 deletions test/default.nix
Expand Up @@ -22,6 +22,11 @@
specialArgs = {
inherit self;
};
pkgs = import inputs.nixpkgs {
inherit system;
config = { };
overlays = [ self.overlays.default ];
};
modules = [
./configuration.nix
./UEFI
