cluster/catalog: support snakeoil secrets

Max Headroom 2024-07-23 02:45:29 +02:00
parent 69a6e1a577
commit 989a13226c


@ -46,6 +46,7 @@ in
}; };
}) // (if secretConfig.shared then let }) // (if secretConfig.shared then let
secretFile = "${svcName}-${secretName}.age"; secretFile = "${svcName}-${secretName}.age";
snakeoilFile = "${svcName}-${secretName}-snakeoil.txt";
in { in {
editSecret = { editSecret = {
description = "Edit this secret"; description = "Edit this secret";
@ -54,15 +55,31 @@ in
agenix -e '${secretFile}' agenix -e '${secretFile}'
''; '';
}; };
} else lib.mapAttrs' (name: lib.nameValuePair "editSecretInstance-${name}") (lib.genAttrs secretConfig.nodes (node: let editSnakeoil = {
secretFile = "${svcName}-${secretName}-${node}.age"; description = "Edit this secret's snakeoil";
in { command = ''
description = "Edit this secret for '${node}'"; $EDITOR "$PRJ_ROOT/cluster/secrets"/'${snakeoilFile}'
command = '' '';
${setupCommands secretFile [ node ]} };
agenix -e '${secretFile}' } else lib.mkMerge [
''; (lib.mapAttrs' (name: lib.nameValuePair "editSecretInstance-${name}") (lib.genAttrs secretConfig.nodes (node: let
}))); secretFile = "${svcName}-${secretName}-${node}.age";
in {
description = "Edit this secret for '${node}'";
command = ''
${setupCommands secretFile [ node ]}
agenix -e '${secretFile}'
'';
})))
(lib.mapAttrs' (name: lib.nameValuePair "editSnakeoilInstance-${name}") (lib.genAttrs secretConfig.nodes (node: let
snakeoilFile = "${svcName}-${secretName}-${node}-snakeoil.txt";
in {
description = "Edit this secret's snakeoil for '${node}'";
command = ''
$EDITOR "$PRJ_ROOT/cluster/secrets"/'${snakeoilFile}'
'';
})))
]);
}; };
}) svcConfig.secrets)) }) svcConfig.secrets))
lib.concatLists lib.concatLists
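Review bot: The new `editSnakeoil` and `editSnakeoilInstance-*` commands invoke `$EDITOR` without checking that it is set; when `EDITOR` is empty the shell takes the quoted snakeoil path as the command word and tries to execute that file instead of opening it. Failing early would be safer, e.g. `''${EDITOR:?EDITOR is not set} "$PRJ_ROOT/cluster/secrets"/'${snakeoilFile}'` (the `''$` escape keeps Nix from interpolating the shell expansion). The snakeoil files are plain `.txt` and, from the path used here, appear to sit in the same directory as the age-encrypted `.age` secrets, so the `description` strings should say that the file is unencrypted and must only ever hold throwaway test values, for instance `"Edit this secret's snakeoil (plaintext, test-only value)"`. The enclosing `let … in` and attribute set start outside this hunk, so how `snakeoilFile` is consumed elsewhere is not visible from here.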