checks: rework age-dummy-secrets

2024-07-16 23:08:35 +02:00 · 2024-07-16 23:08:35 +02:00 · f430db7d8d
commit f430db7d8d
parent d720ba41a6
4 changed files with 31 additions and 11 deletions
--- a/packages/checks/garage.nix
+++ b/packages/checks/garage.nix
@ -14,7 +14,8 @@ testers.runNixOSTest {
      inherit (config.networking) hostName primaryIPAddress;
    in {
      imports = lib.flatten [
-        ./modules/nixos/age-dummy-secrets.nix
+        ./modules/nixos/age-dummy-secrets
+        ./modules/nixos/age-dummy-secrets/options.nix
        nixosModules.ascensions
        nixosModules.systemd-extras
        nixosModules.consul-distributed-services
--- a/packages/checks/modules/nixos/age-dummy-secrets/default.nix
+++ b/packages/checks/modules/nixos/age-dummy-secrets/default.nix
@ -0,0 +1,26 @@
+{ config, lib, ... }:
+with lib;
+
+{
+  options.age.secrets = mkOption {
+    type = types.attrsOf (types.submodule ({ name, config, ... }: {
+      config.path = lib.mkForce "/etc/dummy-secrets/${name}";
+    }));
+  };
+  config.environment.etc = mapAttrs' (name: secret: {
+    name = removePrefix "/etc/" secret.path;
+    value = mapAttrs (const mkDefault) {
+      user = secret.owner;
+      inherit (secret) mode group;
+      text = builtins.hashString "md5" name;
+    };
+  }) config.age.secrets;
+
+  config.system.activationScripts = {
+    agenixChown.text = lib.mkForce "echo using age-dummy-secrets";
+    agenixNewGeneration.text = lib.mkForce "echo using age-dummy-secrets";
+    agenixInstall.text = lib.mkForce ''
+      ln -sf /etc/dummy-secrets /run/agenix
+    '';
+  };
+}
--- a/packages/checks/modules/nixos/age-dummy-secrets/options.nix
+++ b/packages/checks/modules/nixos/age-dummy-secrets/options.nix
@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ lib, ... }:
 with lib;

 let
@ -22,12 +22,4 @@ in
      };
    }));
  };
-  config.environment.etc = mapAttrs' (name: secret: {
-    name = removePrefix "/etc/" secret.path;
-    value = mapAttrs (const mkDefault) {
-      user = secret.owner;
-      inherit (secret) mode group;
-      text = builtins.hashString "md5" name;
-    };
-  }) config.age.secrets;
 }
--- a/packages/checks/s3ql-upgrade.nix
+++ b/packages/checks/s3ql-upgrade.nix
@ -8,7 +8,8 @@ testers.runNixOSTest {
      nixosModules.ascensions
      nixosModules.external-storage
      nixosModules.systemd-extras
-      ./modules/nixos/age-dummy-secrets.nix
+      ./modules/nixos/age-dummy-secrets
+      ./modules/nixos/age-dummy-secrets/options.nix
    ];

    _module.args.depot.packages = { inherit (previous.packages.${system}) s3ql; };