depot/packages/checks/modules/nixos/age-dummy-secrets/default.nix

{ config, lib, ... }:
with lib;

{
  options.age.secrets = mkOption {
    type = types.attrsOf (types.submodule ({ name, config, ... }: {
      config.path = lib.mkForce "/etc/dummy-secrets/${name}";
    }));
  };
  config.environment.etc = mapAttrs' (name: secret: {
    name = removePrefix "/etc/" secret.path;
    value = mapAttrs (const mkDefault) {
      user = secret.owner;
      inherit (secret) mode group;
      text = builtins.hashString "md5" name;
    };
  }) config.age.secrets;

  config.system.activationScripts = {
    agenixChown.text = lib.mkForce "echo using age-dummy-secrets";
    agenixNewGeneration.text = lib.mkForce "echo using age-dummy-secrets";
    agenixInstall.text = lib.mkForce ''
      ln -sf /etc/dummy-secrets /run/agenix
    '';
  };
}
checks: add age dummy secrets NixOS module 2023-09-03 22:18:50 +03:00			`{ config, lib, ... }:`
			`with lib;`

			`{`
			`options.age.secrets = mkOption {`
			`type = types.attrsOf (types.submodule ({ name, config, ... }: {`
checks: rework age-dummy-secrets 2024-07-17 00:08:35 +03:00			`config.path = lib.mkForce "/etc/dummy-secrets/${name}";`
checks: add age dummy secrets NixOS module 2023-09-03 22:18:50 +03:00			`}));`
			`};`
			`config.environment.etc = mapAttrs' (name: secret: {`
			`name = removePrefix "/etc/" secret.path;`
			`value = mapAttrs (const mkDefault) {`
			`user = secret.owner;`
			`inherit (secret) mode group;`
			`text = builtins.hashString "md5" name;`
			`};`
			`}) config.age.secrets;`
checks: rework age-dummy-secrets 2024-07-17 00:08:35 +03:00
			`config.system.activationScripts = {`
			`agenixChown.text = lib.mkForce "echo using age-dummy-secrets";`
			`agenixNewGeneration.text = lib.mkForce "echo using age-dummy-secrets";`
			`agenixInstall.text = lib.mkForce ''`
			`ln -sf /etc/dummy-secrets /run/agenix`
			`'';`
			`};`
checks: add age dummy secrets NixOS module 2023-09-03 22:18:50 +03:00			`}`