sops: fix secret path generation
This commit is contained in:
parent
396071a925
commit
58446db110
|
@ -45,7 +45,9 @@ in
|
||||||
config = lib.mkIf (config.clanCore.facts.secretStore == "sops") {
|
config = lib.mkIf (config.clanCore.facts.secretStore == "sops") {
|
||||||
# Before we generate a secret we cannot know the path yet, so we need to set it to an empty string
|
# Before we generate a secret we cannot know the path yet, so we need to set it to an empty string
|
||||||
clanCore.facts.secretPathFunction =
|
clanCore.facts.secretPathFunction =
|
||||||
secret: config.sops.secrets.${secret.config.name}.path or "/no-such-path";
|
secret:
|
||||||
|
config.sops.secrets.${"${config.clanCore.machineName}-${secret.config.name}"}.path
|
||||||
|
or "/no-such-path";
|
||||||
clanCore.facts.secretModule = "clan_cli.facts.secret_modules.sops";
|
clanCore.facts.secretModule = "clan_cli.facts.secret_modules.sops";
|
||||||
clanCore.facts.secretUploadDirectory = lib.mkDefault "/var/lib/sops-nix";
|
clanCore.facts.secretUploadDirectory = lib.mkDefault "/var/lib/sops-nix";
|
||||||
sops.secrets = builtins.mapAttrs (name: _: {
|
sops.secrets = builtins.mapAttrs (name: _: {
|
||||||
|
|
|
@ -36,6 +36,7 @@
|
||||||
};
|
};
|
||||||
machineName = lib.mkOption {
|
machineName = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
|
default = "nixos";
|
||||||
description = ''
|
description = ''
|
||||||
the name of the machine
|
the name of the machine
|
||||||
'';
|
'';
|
||||||
|
|
Loading…
Reference in New Issue
Block a user