manuth/NixOSConfig
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Refactor sops-nix override configuration

Browse source
This commit is contained in:
Manuel Thalmann 2024-05-02 13:07:43 +02:00
parent 1a57b9d49b
commit 83bfad9a1b
1 changed files with 40 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

66
lib/modules/custom-sops-nix.nix
View file

@ -26,32 +26,46 @@
}; };
config = { config = {
users.users = virtualisation =
with { inherit (config.virtualisation.vmVariantWithBootLoader.users) sopsPasswordOverride; }; let
(lib.mkIf extendVMConfig =
sopsPasswordOverride.enable vmVariant: {
( users.users =
builtins.listToAttrs ( with { inherit (vmVariant.users) sopsPasswordOverride; };
builtins.map ( (lib.mkIf
name: { sopsPasswordOverride.enable
inherit name; (
builtins.listToAttrs (
builtins.map (
name: {
inherit name;
value = { value = {
hashedPasswordFile = lib.mkVMOverride null; hashedPasswordFile = lib.mkVMOverride null;
hashedPassword = sopsPasswordOverride.hashedPassword; hashedPassword = sopsPasswordOverride.hashedPassword;
password = sopsPasswordOverride.password; password = sopsPasswordOverride.password;
}; };
}) })
(builtins.filter (builtins.filter
( (
name: name:
let let
user = config.users.users.${name}; user = config.users.users.${name};
in in
( (
(user.hashedPasswordFile != null) && (user.hashedPasswordFile != null) &&
(lib.strings.hasPrefix "/run/secrets-for-users/" user.hashedPasswordFile) (lib.strings.hasPrefix "/run/secrets-for-users/" user.hashedPasswordFile)
)) ))
(builtins.attrNames config.users.users))))); (builtins.attrNames config.users.users)))));
};
inherit (config.virtualisation)
vmVariant
vmVariantWithBootLoader
;
in {
vmVariant = extendVMConfig vmVariant;
vmVariantWithBootLoader = extendVMConfig vmVariantWithBootLoader;
};
}; };
} }