-rw-r--r-- | sys/secrets/default.nix | 92 |
1 files changed, 52 insertions, 40 deletions
diff --git a/sys/secrets/default.nix b/sys/secrets/default.nix
index 754d901f..b7387b8b 100644
--- a/sys/secrets/default.nix
+++ b/sys/secrets/default.nix
@@ -3,49 +3,61 @@ lib, ... }: let - name = config.networking.hostName; + inherit (config.networking) hostName; + + # mkFakeSecret = secretName: { + # name = secretName; + # value = { + # path = "/dev/null"; + # }; + # }; + # fakeSecrets = + # builtins.listToAttrs (lib.debug.traceValSeqN 2 (builtins.map mkFakeSecret + # (lib.debug.traceValSeqN 2 (builtins.attrNames secrets)))); in { - config = lib.mkIf config.soispha.secrets.enable { - age = { - secrets = { - nheko = { - file = ./nheko/conf. + name; - mode = "700"; - owner = "soispha"; - group = "users"; - }; - serverphoneCa = { - file = ./serverphone/ca.key; - mode = "700"; - owner = "serverphone"; - group = "serverphone"; - }; - serverphoneServer = { - file = ./serverphone/server.key; - mode = "700"; - owner = "serverphone"; - group = "serverphone"; - }; + config = + lib.mkIf config.soispha.secrets.enable + { + age = { + secrets = { + nheko = { + file = ./nheko/conf. + hostName; + mode = "700"; + owner = "soispha"; + group = "users"; + }; + serverphoneCa = { + file = ./serverphone/ca.key; + mode = "700"; + owner = "serverphone"; + group = "serverphone"; + }; + serverphoneServer = { + file = ./serverphone/server.key; + mode = "700"; + owner = "serverphone"; + group = "serverphone"; + }; - taskserverPrivate = { - file = ./taskserver/private.key; - mode = "700"; - owner = "soispha"; - group = "users"; - }; - taskserverPublic = { - file = ./taskserver/public.cert; - mode = "700"; - owner = "soispha"; - group = "users"; - }; - taskserverCA = { - file = ./taskserver/ca.cert; - mode = "700"; - owner = "soispha"; - group = "users"; + taskserverPrivate = { + file = ./taskserver/private.key; + mode = "700"; + owner = "soispha"; + group = "users"; + }; + taskserverPublic = { + file = ./taskserver/public.cert; + mode = "700"; + owner = "soispha"; + group = "users"; + }; + taskserverCA = { + file = ./taskserver/ca.cert; + mode = "700"; + owner = "soispha"; + group = "users"; + }; }; }; }; - }; } |
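Review bot: Every re-indented entry under `age.secrets` keeps `mode = "700"`, which sets the owner execute bit on private keys (`serverphone/ca.key`, `serverphone/server.key`, `taskserver/private.key`) that only need to be read. The least-privilege value is `mode = "0400";` (the agenix default), or `"0600"` if the owning service has to rewrite the file. The value is carried over unchanged from the old side, so this is a follow-up rather than something this commit introduced. Separately, the commented-out `mkFakeSecret`/`fakeSecrets` block added before `in` refers to a `secrets` name that is not defined in the visible lines and still contains `lib.debug.traceValSeqN` calls. If it is kept, give it a one-line comment stating its purpose, presumably something like `# stub secrets with path = "/dev/null" for hosts that cannot decrypt (unused for now)`; otherwise drop it.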