refactor(nix/*): drop yants and consumers, and some more
Change-Id: I96ab5890518c7bb0d4a676adbad20e4c49699b63
parent
001556aa30
commit
cff6575948
33 changed files with 11 additions and 2414 deletions
|
|
@ -1,29 +1,12 @@
|
|||
# Expose secrets as part of the tree, making it possible to validate
|
||||
# their paths at eval time.
|
||||
# Expose secrets as part of the tree, exposing their paths at eval time.
|
||||
#
|
||||
# Note that encrypted secrets end up in the Nix store, but this is
|
||||
# fine since they're publicly available anyways.
|
||||
{ depot, lib, ... }:
|
||||
|
||||
let
|
||||
inherit (depot.nix.yants)
|
||||
attrs
|
||||
any
|
||||
either
|
||||
defun
|
||||
list
|
||||
path
|
||||
restrict
|
||||
string
|
||||
struct
|
||||
;
|
||||
ssh-pubkey = restrict "SSH pubkey" (lib.hasPrefix "ssh-") string;
|
||||
age-pubkey = restrict "age pubkey" (lib.hasPrefix "age") string;
|
||||
agenixSecret = struct "agenixSecret" { publicKeys = list (either age-pubkey ssh-pubkey); };
|
||||
in
|
||||
|
||||
defun [ path (attrs agenixSecret) (attrs any) ]
|
||||
(path: secrets:
|
||||
(
|
||||
path: secrets:
|
||||
depot.nix.readTree.drvTargets
|
||||
# Import each secret into the Nix store
|
||||
(builtins.mapAttrs (name: _: "${path}/${name}") secrets))
|
||||
(builtins.mapAttrs (name: _: "${path}/${name}") secrets)
|
||||
)
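Review bot: The new `path: secrets:` lambda no longer checks its arguments at all. The removed `defun` contract required `path` to be a path and every secret to carry a `publicKeys` list of `age`/`ssh-` prefixed strings, and the values of `secrets` are now ignored (`name: _:`). If `path` is ever passed as a string, `"${path}/${name}"` yields a plain string instead of a store import, which contradicts the "Import each secret into the Nix store" comment; a guard such as `assert builtins.isPath path;` ahead of `depot.nix.readTree.drvTargets` would keep that failure at eval time. If structural validation of recipients is still wanted without yants, `assert builtins.all (s: builtins.isList (s.publicKeys or null)) (builtins.attrValues secrets);` covers it. Otherwise the header comment should state that recipients are no longer validated here.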
|
||||
|
|
|
|||