cluster/catalog: support snakeoil secrets
This commit is contained in:
parent
69a6e1a577
commit
989a13226c
1 changed files with 26 additions and 9 deletions
|
@ -46,6 +46,7 @@ in
|
||||||
};
|
};
|
||||||
}) // (if secretConfig.shared then let
|
}) // (if secretConfig.shared then let
|
||||||
secretFile = "${svcName}-${secretName}.age";
|
secretFile = "${svcName}-${secretName}.age";
|
||||||
|
snakeoilFile = "${svcName}-${secretName}-snakeoil.txt";
|
||||||
in {
|
in {
|
||||||
editSecret = {
|
editSecret = {
|
||||||
description = "Edit this secret";
|
description = "Edit this secret";
|
||||||
|
@ -54,7 +55,14 @@ in
|
||||||
agenix -e '${secretFile}'
|
agenix -e '${secretFile}'
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
} else lib.mapAttrs' (name: lib.nameValuePair "editSecretInstance-${name}") (lib.genAttrs secretConfig.nodes (node: let
|
editSnakeoil = {
|
||||||
|
description = "Edit this secret's snakeoil";
|
||||||
|
command = ''
|
||||||
|
$EDITOR "$PRJ_ROOT/cluster/secrets"/'${snakeoilFile}'
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
} else lib.mkMerge [
|
||||||
|
(lib.mapAttrs' (name: lib.nameValuePair "editSecretInstance-${name}") (lib.genAttrs secretConfig.nodes (node: let
|
||||||
secretFile = "${svcName}-${secretName}-${node}.age";
|
secretFile = "${svcName}-${secretName}-${node}.age";
|
||||||
in {
|
in {
|
||||||
description = "Edit this secret for '${node}'";
|
description = "Edit this secret for '${node}'";
|
||||||
|
@ -62,7 +70,16 @@ in
|
||||||
${setupCommands secretFile [ node ]}
|
${setupCommands secretFile [ node ]}
|
||||||
agenix -e '${secretFile}'
|
agenix -e '${secretFile}'
|
||||||
'';
|
'';
|
||||||
})));
|
})))
|
||||||
|
(lib.mapAttrs' (name: lib.nameValuePair "editSnakeoilInstance-${name}") (lib.genAttrs secretConfig.nodes (node: let
|
||||||
|
snakeoilFile = "${svcName}-${secretName}-${node}-snakeoil.txt";
|
||||||
|
in {
|
||||||
|
description = "Edit this secret's snakeoil for '${node}'";
|
||||||
|
command = ''
|
||||||
|
$EDITOR "$PRJ_ROOT/cluster/secrets"/'${snakeoilFile}'
|
||||||
|
'';
|
||||||
|
})))
|
||||||
|
]);
|
||||||
};
|
};
|
||||||
}) svcConfig.secrets))
|
}) svcConfig.secrets))
|
||||||
lib.concatLists
|
lib.concatLists
|
||||||
|
|
Loading…
Reference in a new issue