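{ pkgs
, lib
, config
, ...
}: {
  # Declare one age secret per *.age file found under secrets/autoimport.
  # The secret's attribute name is the file's base name without the ".age"
  # suffix, and the file itself becomes that secret's rekeyFile.
  age.secrets =
    let
      # sourceFilesBySuffices keeps matching files in subdirectories too, so
      # this list can hold files from several directory levels.
      age-paths-list = lib.fileset.toList (lib.fileset.fromSource (lib.sources.sourceFilesBySuffices ../../secrets/autoimport [ ".age" ]));

      # "dir/foo.age" -> "foo". The directory part is dropped, so two files
      # in different subdirectories can map to the same name.
      secret-name = path: lib.strings.removeSuffix ".age" (builtins.baseNameOf path);

      # name -> list of every file that maps to that name.
      by-name = lib.lists.groupBy secret-name age-paths-list;

      # Names claimed by more than one file. Merging the per-file attrsets
      # would silently keep only one of them and drop the other secret.
      duplicate-names = builtins.attrNames
        (lib.attrsets.filterAttrs (_: paths: builtins.length paths > 1) by-name);

      autoimported-secrets = builtins.mapAttrs
        (_: paths: { rekeyFile = builtins.head paths; })
        by-name;
    in
    # Fail evaluation rather than deploy an ambiguous secret set.
    if duplicate-names != [ ]
    then throw "secrets/autoimport: more than one .age file maps to the secret name(s): ${builtins.concatStringsSep ", " duplicate-names}"
    else autoimported-secrets;

  age.rekey = {
    masterIdentities = [
      {
        # Referenced as a Nix path, so the file may be copied into the
        # world-readable Nix store. It therefore has to stay an encrypted
        # identity (as the .age suffix suggests) or a hardware-token stub,
        # never a plaintext private key.
        identity = ../../secrets/master/age_master.age;
        # NOTE(review): given as a path to the .pub file rather than the
        # recipient string - confirm the module version in use accepts that.
        pubkey = ../../secrets/master/age_master.pub;
      }
    ];
    # Rekeyed secrets are kept inside the repository, one directory per host
    # name, so each host only references its own rekeyed files.
    storageMode = "local";
    localStorageDir = ../../. + "/secrets/rekeyed/${config.networking.hostName}";
  };
}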