checks: rework age-dummy-secrets

Max Headroom 2024-07-16 23:08:35 +02:00
parent d720ba41a6
commit f430db7d8d
4 changed files with 31 additions and 11 deletions


@ -14,7 +14,8 @@ testers.runNixOSTest {
inherit (config.networking) hostName primaryIPAddress;
in {
imports = lib.flatten [
./modules/nixos/age-dummy-secrets.nix
./modules/nixos/age-dummy-secrets
./modules/nixos/age-dummy-secrets/options.nix
nixosModules.ascensions
nixosModules.systemd-extras
nixosModules.consul-distributed-services


@ -0,0 +1,26 @@
{ config, lib, ... }:
with lib;
{
options.age.secrets = mkOption {
type = types.attrsOf (types.submodule ({ name, config, ... }: {
config.path = lib.mkForce "/etc/dummy-secrets/${name}";
}));
};
config.environment.etc = mapAttrs' (name: secret: {
name = removePrefix "/etc/" secret.path;
value = mapAttrs (const mkDefault) {
user = secret.owner;
inherit (secret) mode group;
text = builtins.hashString "md5" name;
};
}) config.age.secrets;
config.system.activationScripts = {
agenixChown.text = lib.mkForce "echo using age-dummy-secrets";
agenixNewGeneration.text = lib.mkForce "echo using age-dummy-secrets";
agenixInstall.text = lib.mkForce ''
ln -sf /etc/dummy-secrets /run/agenix
'';
};
}
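Review bot: `ln -sf /etc/dummy-secrets /run/agenix` in `agenixInstall` does not replace the link when `/run/agenix` already exists as a directory or as a symlink to one; GNU ln then creates a `dummy-secrets` entry inside the target, which on a repeated activation would presumably land in `/etc/dummy-secrets` itself. Using `ln -sfT /etc/dummy-secrets /run/agenix` keeps the step idempotent. Separately, this module forces every `age.secrets.<name>.path` to a file whose content is `builtins.hashString "md5" name`, so the values are predictable and, through `environment.etc.*.text`, end up in the world-readable Nix store. Nothing in the file says it is meant for test VMs only, so a header comment such as `# Test-only: replaces all age secrets with predictable dummy values; never import from a host configuration.` would make the intended scope explicit.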


@ -1,4 +1,4 @@
{ config, lib, ... }:
{ lib, ... }:
with lib;
let
@ -22,12 +22,4 @@ in
};
}));
};
config.environment.etc = mapAttrs' (name: secret: {
name = removePrefix "/etc/" secret.path;
value = mapAttrs (const mkDefault) {
user = secret.owner;
inherit (secret) mode group;
text = builtins.hashString "md5" name;
};
}) config.age.secrets;
}


@ -8,7 +8,8 @@ testers.runNixOSTest {
nixosModules.ascensions
nixosModules.external-storage
nixosModules.systemd-extras
./modules/nixos/age-dummy-secrets.nix
./modules/nixos/age-dummy-secrets
./modules/nixos/age-dummy-secrets/options.nix
];
_module.args.depot.packages = { inherit (previous.packages.${system}) s3ql; };