2024-07-08 22:23:11 +03:00
2 changed files with 21 additions and 7 deletions
--- a/cluster/lib/services.nix
+++ b/cluster/lib/services.nix
@ -7,13 +7,21 @@ let
      lib.mapAttrsToList (groupName: _: svcConfig.nixos.${groupName})
      (lib.filterAttrs (_: lib.elem hostName) svcConfig.nodes);
-    secretsConfig.age.secrets = lib.mapAttrs' (secretName: secretConfig: {
+    secretsConfig = let
-      name = "cluster-${svcName}-${secretName}";
+      secrets = lib.filterAttrs (_: secret: lib.any (node: node == hostName) secret.nodes) svcConfig.secrets;
-      value = {
+    in {
-        inherit (secretConfig) path mode owner group;
+      age.secrets = lib.mapAttrs' (secretName: secretConfig: {
-        file = ../secrets/${svcName}-${secretName}${lib.optionalString (!secretConfig.shared) "-${hostName}"}.age;
+        name = "cluster-${svcName}-${secretName}";
-      };
+        value = {
-    }) (lib.filterAttrs (_: secret: lib.any (node: node == hostName) secret.nodes) svcConfig.secrets);
+          inherit (secretConfig) path mode owner group;
          file = ../secrets/${svcName}-${secretName}${lib.optionalString (!secretConfig.shared) "-${hostName}"}.age;
        };
      }) secrets;
      systemd.services = lib.mkMerge (lib.mapAttrsToList (secretName: secretConfig: lib.genAttrs secretConfig.services (systemdServiceName: {
        restartTriggers = [ "${../secrets/${svcName}-${secretName}${lib.optionalString (!secretConfig.shared) "-${hostName}"}.age}" ];
      })) secrets);
    };
  in serviceConfigs ++ [
    secretsConfig
  ];
--- a/cluster/lib/services/secrets.nix
+++ b/cluster/lib/services/secrets.nix
@ -44,6 +44,12 @@ in
          type = lib.types.str;
          default = "root";
        };
        services = lib.mkOption {
          type = with lib.types; listOf str;
          description = "Services to restart when this secret changes.";
          default = [];
        };
      };
    }));
    default = {};