Refactor sops-nix override configuration
This commit is contained in:
parent
1a57b9d49b
commit
83bfad9a1b
1 changed files with 40 additions and 26 deletions
|
@ -26,32 +26,46 @@
|
|||
};
|
||||
|
||||
config = {
|
||||
users.users =
|
||||
with { inherit (config.virtualisation.vmVariantWithBootLoader.users) sopsPasswordOverride; };
|
||||
(lib.mkIf
|
||||
sopsPasswordOverride.enable
|
||||
(
|
||||
builtins.listToAttrs (
|
||||
builtins.map (
|
||||
name: {
|
||||
inherit name;
|
||||
virtualisation =
|
||||
let
|
||||
extendVMConfig =
|
||||
vmVariant: {
|
||||
users.users =
|
||||
with { inherit (vmVariant.users) sopsPasswordOverride; };
|
||||
(lib.mkIf
|
||||
sopsPasswordOverride.enable
|
||||
(
|
||||
builtins.listToAttrs (
|
||||
builtins.map (
|
||||
name: {
|
||||
inherit name;
|
||||
|
||||
value = {
|
||||
hashedPasswordFile = lib.mkVMOverride null;
|
||||
hashedPassword = sopsPasswordOverride.hashedPassword;
|
||||
password = sopsPasswordOverride.password;
|
||||
};
|
||||
})
|
||||
(builtins.filter
|
||||
(
|
||||
name:
|
||||
let
|
||||
user = config.users.users.${name};
|
||||
in
|
||||
(
|
||||
(user.hashedPasswordFile != null) &&
|
||||
(lib.strings.hasPrefix "/run/secrets-for-users/" user.hashedPasswordFile)
|
||||
))
|
||||
(builtins.attrNames config.users.users)))));
|
||||
value = {
|
||||
hashedPasswordFile = lib.mkVMOverride null;
|
||||
hashedPassword = sopsPasswordOverride.hashedPassword;
|
||||
password = sopsPasswordOverride.password;
|
||||
};
|
||||
})
|
||||
(builtins.filter
|
||||
(
|
||||
name:
|
||||
let
|
||||
user = config.users.users.${name};
|
||||
in
|
||||
(
|
||||
(user.hashedPasswordFile != null) &&
|
||||
(lib.strings.hasPrefix "/run/secrets-for-users/" user.hashedPasswordFile)
|
||||
))
|
||||
(builtins.attrNames config.users.users)))));
|
||||
};
|
||||
|
||||
inherit (config.virtualisation)
|
||||
vmVariant
|
||||
vmVariantWithBootLoader
|
||||
;
|
||||
in {
|
||||
vmVariant = extendVMConfig vmVariant;
|
||||
vmVariantWithBootLoader = extendVMConfig vmVariantWithBootLoader;
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue