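# NixOS module declaring the `asecret` option: an attribute set of secrets,
# each described by file mode/ownership, a secret type and a target path.
# Every entry is wired to the project's secret contract
# (`config.contracts.secret.provider`): mode/owner/group are read from the
# contract's `input` side and the resulting location is published on its
# `output.path` side.
{ config, lib, pkgs, ... }:
let
  inherit (lib) mkOption;
  inherit (lib.types) attrsOf enum str submodule;

  # Maps each accepted `type` string to the matching helper in
  # `pkgs.asecret-lib`. The helper is applied to the secret's `path` below.
  # NOTE(review): the helpers are defined outside this file. Confirm that each
  # returns a runtime location and never places secret material in the
  # world-readable Nix store.
  dispatchType = with pkgs.asecret-lib; {
    "hashed-password" = hashedPassword;
    "password" = password;
    "ssh-key-pair" = ssh-key-pair;
    "ssl-certificate" = ssl-certificate;
    "wireguard" = wireguard;
  };
in
{
  options.asecret = mkOption {
    default = {};
    description = ''
      Secrets. These should be used everywhere.
    '';
    # The example uses `owner` because that is the attribute the submodule
    # reads from `secret.input`.
    # NOTE(review): `settings` and `restartUnits` are not options declared in
    # this file; verify them against the secret contract before relying on
    # this example.
    example = lib.literalExpression ''
      {
        mySecret = {
          secret.input = {
            owner = "me";
            mode = "0400";
            restartUnits = [ "myservice.service" ];
          };
          settings.content = "My Secret";
        };
      }
    '';
    type = attrsOf (submodule (mod@{ name, ... }: {
      options = {
        # `mode`, `owner` and `group` are assigned from `secret.input` in the
        # `config` section below, so a value set here directly has to agree
        # with the contract input.
        mode = mkOption {
          description = ''
            Mode of the secret file.
          '';
          # NOTE(review): the type is a free-form string, so a permissive
          # mode such as "0644" is accepted without any check.
          type = str;
          default = "0400";
        };

        owner = mkOption {
          description = ''
            Linux user owning the secret file.
          '';
          type = str;
        };

        group = mkOption {
          description = ''
            Linux group owning the secret file.
          '';
          type = str;
          # Falls back to the owning user. The previous default referenced
          # `options.user.default`, but this submodule declares no `user`
          # option, so forcing that default would have failed evaluation.
          default = mod.config.owner;
          defaultText = lib.literalExpression "owner";
        };

        type = mkOption {
          # Only the keys of `dispatchType` are accepted.
          type = enum (lib.attrNames dispatchType);
          description = ''
            Type of the secret as a string.
          '';
          default = "password";
        };

        path = mkOption {
          type = str;
          description = ''
            Path where the secret should be located.
          '';
          # Defaults to the attribute name of the entry under `asecret`.
          default = name;
        };

        secret = mkOption {
          type = config.contracts.secret.provider;
        };
      };

      config = {
        # Mirror the permissions requested through the contract.
        inherit (mod.config.secret.input) mode owner group;

        # Select the helper for the configured type and apply it to the path;
        # its result is what consumers of the contract receive.
        secret.output.path = dispatchType.${mod.config.type} mod.config.path;
      };
    }));
  };

  # Build this module's option documentation outside the docs sandbox.
  # NOTE(review): presumably needed because the option types depend on
  # `config.contracts` and `pkgs`; confirm.
  meta.buildDocsInSandbox = false;
}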