authentik yay
This commit is contained in:
parent
d3a93fd115
commit
f2fcbfb679
34 changed files with 612 additions and 363 deletions
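--- /dev/null
+++ b/sops.nix
@@ -0,0 +1,36 @@
+{
+sops,
+instanceConfigs,
+writeScriptBin,
+writeText,
+lib,
+...
+}:
+with lib;
+let
+adminKeys = [
+"0D98D5964AC8BB1CA034CE4EC456133700066642" # xyno main gpg key
+];
+keysPerHost = (mapAttrs (n: v: (toList v.sopsKey)) (
+filterAttrs (n: v: v ? sopsKey) instanceConfigs
+));
+hostKeys = flatten (attrValues keysPerHost);
+
+sopsCfg = {
+keys = adminKeys ++ hostKeys;
+creation_rules = [
+{
+path_regex = "secrets/[^/]+\.(yaml|json|env|ini)$";
+key_groups = [ { pgp = adminKeys ++ hostKeys; } ];
+}
+]
+++ (mapAttrsToList (n: v: {
+# path_regex = "instances/${n}/secrets/[^/]+\.(yaml|json|env|ini)$";
+path_regex = "instances/${n}/secrets/[^/]+\.(yaml|json|env|ini)$";
+key_groups = [ { pgp = adminKeys ++ v; } ];
+
+}) keysPerHost);
+};
+sopsCfgFile = writeText ".sops.yaml" (builtins.toJSON sopsCfg);
+
+in sopsCfgFile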
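Review bot: The `\.` inside both `path_regex` strings (the generic `secrets/...` rule and the per-instance rule in the `mapAttrsToList` body) is a Nix string escape, not a regex escape — Nix reads `"\."` as a plain `.`, so the generated `.sops.yaml` contains `secrets/[^/]+.(yaml|json|env|ini)$` and that dot matches any character; write `\\.` in both places. The generic rule is also listed first and its regex is unanchored, so a path like `instances/<name>/secrets/x.yaml` matches it as well; since sops uses the first matching creation rule, per-instance secrets would be encrypted to every host's key rather than only the owning instance's, which defeats the per-host scoping the second set of rules is meant to give. Anchoring it, `path_regex = "^secrets/[^/]+\\.(yaml|json|env|ini)$";`, or emitting the per-instance rules before the generic one keeps each host limited to its own secrets. The commented-out duplicate `path_regex` line above the live one can be dropped.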