# Per-user agenix module: declares `options.modules.agenix` (schema imported
# from ./options.nix) and registers this user's secrets under `age.secrets`.
#
# `pkgs` and `publicKeys` are accepted but not referenced in this file.
{
  config,
  lib,
  mylib,
  pkgs,
  username,
  publicKeys,
  ...
}: let
  inherit (config.modules) agenix;

  # Stand-in file for secrets that are declared but not encrypted yet.
  placeholder = ./void.age;

  # Build the `age.secrets` entry for a single secret name.
  # The encrypted file is looked up next to this module as `<name>.age`.
  #
  # NOTE(review): a declared secret with no matching `.age` file is registered
  # against ./void.age instead of failing evaluation, so a forgotten or
  # misnamed secret is not reported here. What void.age contains is not
  # visible from this file; confirm that consumers of the resulting secret
  # path fail closed when they receive it.
  registerSecret = name: let
    encrypted = ./${name}.age;
  in {
    ${name}.file =
      if builtins.pathExists encrypted
      then encrypted
      else placeholder;
  };
in {
  options.modules.agenix = import ./options.nix {inherit lib mylib;};

  config = {
    # NOTE: See the generated secrets.nix file in home/christoph/default.nix

    # Only contribute definitions when this user has an entry in
    # `agenix.secrets`; each listed name becomes one `age.secrets.<name>`.
    age.secrets =
      lib.mkIf (agenix.secrets ? ${username})
      (lib.mkMerge (map registerSecret agenix.secrets.${username}));
  };
}