cluster/lib: inject secrets into agenix modules

This commit is contained in:
Max Headroom 2024-07-07 00:44:14 +02:00
parent 8adc26c5c3
commit 5727bdb37e

View file

@ -2,10 +2,21 @@
with lib;
let
getHostConfigurations = hostName: svcConfig:
lib.mapAttrsToList (groupName: _: svcConfig.nixos.${groupName})
(lib.filterAttrs (_: lib.elem hostName) svcConfig.nodes);
getHostConfigurations = hostName: svcName: svcConfig: let
serviceConfigs =
lib.mapAttrsToList (groupName: _: svcConfig.nixos.${groupName})
(lib.filterAttrs (_: lib.elem hostName) svcConfig.nodes);
secretsConfig.age.secrets = lib.mapAttrs' (secretName: secretConfig: {
name = "cluster-${svcName}-${secretName}";
value = {
inherit (secretConfig) path mode owner group;
file = ../secrets/${svcName}-${secretName}${lib.optionalString (!secretConfig.shared) "-${hostName}"}.age;
};
}) (lib.filterAttrs (_: secret: lib.any (node: node == hostName) secret.nodes) svcConfig.secrets);
in serviceConfigs ++ [
secretsConfig
];
introspectionModule._module.args.cluster = {
inherit (config) vars;
@ -20,7 +31,7 @@ in
default = {};
};
config.out.injectNixosConfig = hostName: (lib.flatten (lib.mapAttrsToList (_: getHostConfigurations hostName) config.services)) ++ [
config.out.injectNixosConfig = hostName: (lib.flatten (lib.mapAttrsToList (getHostConfigurations hostName) config.services)) ++ [
introspectionModule
];
}