Diffstat (limited to 'modules')
-rw-r--r-- | modules/userSecret.nix | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/modules/userSecret.nix b/modules/userSecret.nix
new file mode 100644
index 0000000..af1e978
--- /dev/null
+++ b/modules/userSecret.nix
@@ -0,0 +1,20 @@
+# "secret" consumer
+{ config, lib, ... }:
+{
+ options.users.users = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule {
+ options.passwordSecret = lib.mkOption {
+ type = lib.types.nullOr config.contracts.secret.consumer;
+ };
+ });
+ };
+ config = {
+ # TODO other users than root
+ users.users.root.passwordFile = lib.mkIf (config.users.users.root.passwordSecret != null) config.users.users.root.passwordSecret.output.path;
+ users.users.root.passwordSecret.input = lib.mkIf (config.users.users.root.passwordSecret != null) {
+ owner = "root";
+ group = "root";
+ mode = "0400";
+ };
+ };
+} |
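Review bot: The `!= null` guards on both `lib.mkIf` lines look ineffective for root, because the module itself defines `users.users.root.passwordSecret.input`, and an attribute-set definition (even one whose only member is an `mkIf`) makes a `nullOr` option merge to non-null. If `contracts.secret.consumer` is a submodule type, as the `.input`/`.output` accesses suggest, `users.users.root.passwordFile` would then always be set to `output.path`, including on hosts that never configured a secret. The option also has no `default = null;`, so reading `passwordSecret` for any user who leaves it unset would fail evaluation once the TODO extends this beyond root. Consider adding `default = null;` and moving the `owner`/`group`/`mode` values to defaults inside the submodule (or gating on a separate boolean) so that this module does not define the option it tests. A one-line comment that the target file must hold a password hash, not a plaintext password, would also help consumers of this contract.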