manuth/NixOSConfig
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Refactor sops-nix override configuration

Browse source
This commit is contained in:
Manuel Thalmann 2024-05-02 13:07:43 +02:00
parent 1a57b9d49b
commit 83bfad9a1b
1 changed files with 40 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

66
lib/modules/custom-sops-nix.nix
View file

@ -26,32 +26,46 @@
};
config = {
users.users =
with { inherit (config.virtualisation.vmVariantWithBootLoader.users) sopsPasswordOverride; };
(lib.mkIf
sopsPasswordOverride.enable
(
builtins.listToAttrs (
builtins.map (
name: {
inherit name;
virtualisation =
let
extendVMConfig =
vmVariant: {
users.users =
with { inherit (vmVariant.users) sopsPasswordOverride; };
(lib.mkIf
sopsPasswordOverride.enable
(
builtins.listToAttrs (
builtins.map (
name: {
inherit name;
value = {
hashedPasswordFile = lib.mkVMOverride null;
hashedPassword = sopsPasswordOverride.hashedPassword;
password = sopsPasswordOverride.password;
};
})
(builtins.filter
(
name:
let
user = config.users.users.${name};
in
(
(user.hashedPasswordFile != null) &&
(lib.strings.hasPrefix "/run/secrets-for-users/" user.hashedPasswordFile)
))
(builtins.attrNames config.users.users)))));
value = {
hashedPasswordFile = lib.mkVMOverride null;
hashedPassword = sopsPasswordOverride.hashedPassword;
password = sopsPasswordOverride.password;
};
})
(builtins.filter
(
name:
let
user = config.users.users.${name};
in
(
(user.hashedPasswordFile != null) &&
(lib.strings.hasPrefix "/run/secrets-for-users/" user.hashedPasswordFile)
))
(builtins.attrNames config.users.users)))));
};
inherit (config.virtualisation)
vmVariant
vmVariantWithBootLoader
;
in {
vmVariant = extendVMConfig vmVariant;
vmVariantWithBootLoader = extendVMConfig vmVariantWithBootLoader;
};
};
}