sops: Rename secrets option to secretsData

SebastianStork 2026-02-28 00:13:51 +01:00
parent 3af7d23a46
commit 4887e06117
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
5 changed files with 10 additions and 10 deletions


@ -4,7 +4,7 @@
config = lib.mkIf config.custom.programs.git.enable { config = lib.mkIf config.custom.programs.git.enable {
sops.secrets = sops.secrets =
config.custom.sops.secrets.ssh-key config.custom.sops.secretsData.ssh-key
|> lib.mapAttrs' ( |> lib.mapAttrs' (
name: _: lib.nameValuePair "ssh-key/${name}" { path = "${config.home.homeDirectory}/.ssh/${name}"; } name: _: lib.nameValuePair "ssh-key/${name}" { path = "${config.home.homeDirectory}/.ssh/${name}"; }
); );
@ -42,7 +42,7 @@
lazygit.enable = true; lazygit.enable = true;
ssh.matchBlocks = ssh.matchBlocks =
config.custom.sops.secrets.ssh-key config.custom.sops.secretsData.ssh-key
|> lib.mapAttrs (name: _: { identityFile = config.sops.secrets."ssh-key/${name}".path; }); |> lib.mapAttrs (name: _: { identityFile = config.sops.secrets."ssh-key/${name}".path; });
}; };
}; };


@ -25,7 +25,7 @@ in
type = self.lib.types.existingPath; type = self.lib.types.existingPath;
default = "${self}/users/${config.home.username}/@${osConfig.networking.hostName}/secrets.json"; default = "${self}/users/${config.home.username}/@${osConfig.networking.hostName}/secrets.json";
}; };
secrets = lib.mkOption { secretsData = lib.mkOption {
type = lib.types.anything; type = lib.types.anything;
default = cfg.secretsFile |> lib.readFile |> lib.strings.fromJSON; default = cfg.secretsFile |> lib.readFile |> lib.strings.fromJSON;
}; };
@ -42,12 +42,12 @@ in
config.sops.secrets config.sops.secrets
|> lib.attrNames |> lib.attrNames
|> lib.map (secretPath: { |> lib.map (secretPath: {
assertion = cfg.secrets |> lib.hasAttrByPath (secretPath |> lib.splitString "/"); assertion = cfg.secretsData |> lib.hasAttrByPath (secretPath |> lib.splitString "/");
message = "Sops secret `${secretPath}` is used in a module but not defined in secrets.json"; message = "Sops secret `${secretPath}` is used in a module but not defined in secrets.json";
}) })
) )
++ ( ++ (
lib.removeAttrs cfg.secrets [ "sops" ] lib.removeAttrs cfg.secretsData [ "sops" ]
|> lib.mapAttrsToListRecursive (path: _: path |> lib.concatStringsSep "/") |> lib.mapAttrsToListRecursive (path: _: path |> lib.concatStringsSep "/")
|> lib.map (secretPath: { |> lib.map (secretPath: {
assertion = config.sops.secrets |> lib.hasAttr secretPath; assertion = config.sops.secrets |> lib.hasAttr secretPath;
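Review bot: The renamed `secretsData` option in the first hunk of this file (and the identical declaration in the host-level module in the last file section) is still declared with `type = lib.types.anything`, has no `description`, and can be overridden from any module, although the assertions below treat it as the parsed content of `secretsFile`. The visible consumers read only attribute names (`name: _:`, `path: _:`), so it appears to be a derived index of secret names rather than a setting. If that is the intent, adding `readOnly = true;` and `description = "Parsed contents of secretsFile; only the attribute names are used.";` would stop a stray definition from making the two consistency assertions check something other than the file on disk. The option set and the assertions list both continue outside the shown hunks.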


@ -33,7 +33,7 @@ in
enable = lib.mkEnableOption ""; enable = lib.mkEnableOption "";
networks = lib.mkOption { networks = lib.mkOption {
type = lib.types.listOf lib.types.nonEmptyStr; type = lib.types.listOf lib.types.nonEmptyStr;
default = config.custom.sops.secrets.iwd |> lib.attrNames; default = config.custom.sops.secretsData.iwd |> lib.attrNames;
}; };
}; };
}; };


@ -11,7 +11,7 @@ let
inherit (config.services.syncthing) dataDir; inherit (config.services.syncthing) dataDir;
useSopsSecrets = config.custom.sops.secrets |> lib.hasAttr "syncthing"; useSopsSecrets = config.custom.sops.secretsData |> lib.hasAttr "syncthing";
in in
{ {
options.custom.services.syncthing = { options.custom.services.syncthing = {


@ -21,7 +21,7 @@ in
type = self.lib.types.existingPath; type = self.lib.types.existingPath;
default = "${self}/hosts/${config.networking.hostName}/secrets.json"; default = "${self}/hosts/${config.networking.hostName}/secrets.json";
}; };
secrets = lib.mkOption { secretsData = lib.mkOption {
type = lib.types.anything; type = lib.types.anything;
default = cfg.secretsFile |> lib.readFile |> lib.strings.fromJSON; default = cfg.secretsFile |> lib.readFile |> lib.strings.fromJSON;
}; };
@ -40,12 +40,12 @@ in
config.sops.secrets config.sops.secrets
|> lib.attrNames |> lib.attrNames
|> lib.map (secretPath: { |> lib.map (secretPath: {
assertion = cfg.secrets |> lib.hasAttrByPath (secretPath |> lib.splitString "/"); assertion = cfg.secretsData |> lib.hasAttrByPath (secretPath |> lib.splitString "/");
message = "Sops secret `${secretPath}` is used in a module but not defined in secrets.json"; message = "Sops secret `${secretPath}` is used in a module but not defined in secrets.json";
}) })
) )
++ ( ++ (
lib.removeAttrs cfg.secrets [ "sops" ] lib.removeAttrs cfg.secretsData [ "sops" ]
|> lib.mapAttrsToListRecursive (path: _: path |> lib.concatStringsSep "/") |> lib.mapAttrsToListRecursive (path: _: path |> lib.concatStringsSep "/")
|> lib.map (secretPath: { |> lib.map (secretPath: {
assertion = config.sops.secrets |> lib.hasAttr secretPath; assertion = config.sops.secrets |> lib.hasAttr secretPath;