57 lines
1.3 KiB
Nix
57 lines
1.3 KiB
Nix
{ lib, name, ... }:
|
|
|
|
let
|
|
serviceName = name;
|
|
in
|
|
|
|
{
|
|
options.secrets = lib.mkOption {
|
|
type = lib.types.lazyAttrsOf (lib.types.submodule ({ config, name, ... }: {
|
|
options = {
|
|
shared = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = true;
|
|
description = "Whether this secret should be the same on all nodes.";
|
|
};
|
|
|
|
nodes = lib.mkOption {
|
|
type = with lib.types; listOf str;
|
|
default = [ ];
|
|
};
|
|
|
|
generate = lib.mkOption {
|
|
type = with lib.types; nullOr (functionTo str);
|
|
description = "Command used to generate this secret.";
|
|
default = null;
|
|
};
|
|
|
|
path = lib.mkOption {
|
|
type = lib.types.path;
|
|
default = "/run/agenix/cluster-${serviceName}-${name}";
|
|
};
|
|
|
|
mode = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "0400";
|
|
};
|
|
|
|
owner = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "root";
|
|
};
|
|
|
|
group = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "root";
|
|
};
|
|
|
|
services = lib.mkOption {
|
|
type = with lib.types; listOf str;
|
|
description = "Services to restart when this secret changes.";
|
|
default = [];
|
|
};
|
|
};
|
|
}));
|
|
default = {};
|
|
};
|
|
}
|