The Simulacrum: Stage 3 #110
1 changed files with 4 additions and 1 deletions
|
@ -81,8 +81,10 @@ in
|
||||||
consul kv put ${lib.escapeShellArg path}/mode ${lib.escapeShellArg mode}
|
consul kv put ${lib.escapeShellArg path}/mode ${lib.escapeShellArg mode}
|
||||||
consul kv put ${lib.escapeShellArg path}/owner ${lib.escapeShellArg owner}
|
consul kv put ${lib.escapeShellArg path}/owner ${lib.escapeShellArg owner}
|
||||||
consul kv put ${lib.escapeShellArg path}/group ${lib.escapeShellArg group}
|
consul kv put ${lib.escapeShellArg path}/group ${lib.escapeShellArg group}
|
||||||
|
secret="$(mktemp -ut)"
|
||||||
|
(${command}) > "$secret"
|
||||||
${lib.concatStringsSep "\n" (map (node: ''
|
${lib.concatStringsSep "\n" (map (node: ''
|
||||||
consul kv put ${lib.escapeShellArg path}/recipient/${node} "$( (${command}) | age --encrypt --armor -r ${lib.escapeShellArg depot.hours.${node}.ssh.id.publicKey})"
|
consul kv put ${lib.escapeShellArg path}/recipient/${node} "$(age < "$secret" --encrypt --armor -r ${lib.escapeShellArg depot.hours.${node}.ssh.id.publicKey})"
|
||||||
'') nodes)}
|
'') nodes)}
|
||||||
else
|
else
|
||||||
echo Skipping update for ${lib.escapeShellArg path}
|
echo Skipping update for ${lib.escapeShellArg path}
|
||||||
|
@ -90,6 +92,7 @@ in
|
||||||
'';
|
'';
|
||||||
in ''
|
in ''
|
||||||
# create/update secrets
|
# create/update secrets
|
||||||
|
umask 77
|
||||||
${lib.pipe activeSecrets [
|
${lib.pipe activeSecrets [
|
||||||
(lib.mapAttrsToList (secretName: secretConfig: createSecret {
|
(lib.mapAttrsToList (secretName: secretConfig: createSecret {
|
||||||
path = "${providerRoot}-${secretName}";
|
path = "${providerRoot}-${secretName}";
|
||||||
|
|
Loading…
Reference in a new issue