46 lines
1.2 KiB
Nix
46 lines
1.2 KiB
Nix
{
|
|
sops,
|
|
instanceConfigs,
|
|
writeScriptBin,
|
|
writeText,
|
|
lib,
|
|
...
|
|
}:
|
|
with lib;
|
|
let
|
|
adminKeys = [
|
|
"0D98D5964AC8BB1CA034CE4EC456133700066642" # xyno main gpg key
|
|
];
|
|
keysPerHost = (
|
|
mapAttrs (n: v: (toList v.config.xyno.meta.sopsKey)) (filterAttrs (n: v: v.config.xyno.meta.sopsKey != null) instanceConfigs)
|
|
);
|
|
desktopHostNames = [ "theseus" ];
|
|
|
|
hostKeys = flatten (attrValues keysPerHost);
|
|
desktopKeys = flatten (
|
|
attrValues (filterAttrs (n: v: any (x: x == n) desktopHostNames) keysPerHost)
|
|
);
|
|
|
|
sopsCfg = {
|
|
keys = adminKeys ++ hostKeys;
|
|
creation_rules = [
|
|
{
|
|
path_regex = "secrets/[^/]+\.(yaml|json|env|ini)$";
|
|
key_groups = [ { pgp = adminKeys ++ hostKeys; } ];
|
|
}
|
|
{
|
|
path_regex = "secrets/desktop/[^/]+\.(yaml|json|env|ini)$";
|
|
key_groups = [ { pgp = adminKeys ++ desktopKeys; } ];
|
|
}
|
|
]
|
|
++ (mapAttrsToList (n: v: {
|
|
# path_regex = "instances/${n}/secrets/[^/]+\.(yaml|json|env|ini)$";
|
|
path_regex = "instances/${n}/secrets/[^/]+\.(yaml|json|env|ini)$";
|
|
key_groups = [ { pgp = adminKeys ++ v; } ];
|
|
|
|
}) keysPerHost);
|
|
};
|
|
sopsCfgFile = writeText ".sops.yaml" (builtins.toJSON sopsCfg);
|
|
|
|
in
|
|
sopsCfgFile
|