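# NixOS module exposing `config.asecret`: an attribute set of secrets, each
# described by a submodule whose `secret` field follows the project's
# `contracts.secret.provider` contract. The output path of every secret is
# derived from its `type` via the generators in `pkgs.asecret-lib`.
{ config, lib, pkgs, ... }:
let
  inherit (lib) mkOption;
  inherit (lib.types) attrsOf enum str submodule;

  # Maps the value of the `type` option to the generator in
  # `pkgs.asecret-lib` that is applied to the secret's `path` below.
  dispatchType = {
    "hashed-password" = pkgs.asecret-lib.hashedPassword;
    "password" = pkgs.asecret-lib.password;
    "ssh-key-pair" = pkgs.asecret-lib.ssh-key-pair;
    "ssl-certificate" = pkgs.asecret-lib.ssl-certificate;
    "wireguard" = pkgs.asecret-lib.wireguard;
  };
in
{
  options.asecret = mkOption {
    default = { };
    description = ''
      Secrets. These should be used everywhere.
    '';
    example = lib.literalExpression ''
      {
        mySecret = {
          secret.input = {
            owner = "me";
            mode = "0400";
            restartUnits = [ "myservice.service" ];
          };
          settings.content = "My Secret";
        };
      }
    '';
    # `config` inside the submodule is reached through `mod.config` so that
    # the bare `config` keeps referring to the NixOS configuration (needed
    # for the contract type of `secret`).
    type = attrsOf (submodule (mod@{ name, options, ... }: {
      options = {
        mode = mkOption {
          description = ''
            Mode of the secret file.
          '';
          # NOTE(review): accepted as a free-form string; an octal-mode
          # pattern would reject typos before they reach the provider.
          type = str;
          default = "0400";
        };
        owner = mkOption {
          description = ''
            Linux user owning the secret file.
          '';
          # Required: no default, the value comes from `secret.input.owner`.
          type = str;
        };
        group = mkOption {
          description = ''
            Linux group owning the secret file.
          '';
          type = str;
          # Falls back to the owning user. The previous default referred to
          # `options.user`, an option that does not exist in this submodule.
          default = mod.config.owner;
          defaultText = "owner";
        };
        type = mkOption {
          # The enum is derived from the keys of `dispatchType`, so adding a
          # generator there automatically extends the accepted values.
          type = enum (lib.attrNames dispatchType);
          description = ''
            Type of the secret as a string.
          '';
          default = "password";
        };
        path = mkOption {
          type = str;
          description = ''
            Path where the secret should be located.
          '';
          # Defaults to the attribute name; whether this is interpreted as a
          # relative or absolute path is up to the contract provider.
          default = name;
        };
        secret = mkOption {
          type = config.contracts.secret.provider;
        };
      };
      config = {
        # Ownership and mode are published from the contract's input so
        # consumers can read them from the top-level options.
        inherit (mod.config.secret.input) mode owner group;
        # The generator for the selected `type` is applied to `path` to
        # obtain the location the provider places the secret at.
        secret.output.path = dispatchType.${mod.config.type} mod.config.path;
      };
    }));
  };
  # Presumably disabled because the `type` enum and the contract type depend
  # on `pkgs`/`config`, which the sandboxed doc build cannot evaluate.
  meta.buildDocsInSandbox = false;
}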