feat optional private secret part
in: trunk
2 files changed
modules/fleet/secrets.nixdiffbeforeafterboth25 default = null;25 default = null;26 };26 };27 secret = mkOption {27 secret = mkOption {28 type = str;28 type = nullOr str;29 description = "Encrypted secret data";29 description = "Encrypted secret data";30 default = null;30 };31 };31 };32 };32 };33 };modules/nixos/secrets.nixdiffbeforeafterboth
--- a/modules/nixos/secrets.nix
+++ b/modules/nixos/secrets.nix
@@ -1,9 +1,12 @@
-{ lib, config, pkgs, ... }: with lib;
+{ lib, config, pkgs, ... }:
+
+with lib;
+
let
sysConfig = config;
secretType = types.submodule ({ config, ... }: {
config = {
- path = mkOptionDefault (if config.secret == null then (error "secret is not set") else "/run/secrets/${config._module.args.name}");
+ path = mkOptionDefault "/run/secrets/${config._module.args.name}";
publicPath = mkOptionDefault (pkgs.writeText "pub-${config._module.args.name}" config.public);
};
options = {
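Review bot: The new `path = mkOptionDefault "/run/secrets/${config._module.args.name}";` line no longer looks at `config.secret`, so a secret without a private part (the fleet module now types it `nullOr str`) still yields a path under `/run/secrets`, and a consumer only learns at runtime that the file is missing. The removed guard called `error`, which as far as I know is neither a Nix builtin nor a `lib` function, so dropping it is understandable, but a working eval-time failure is the safer default: `path = mkOptionDefault (if config.secret == null then throw "secret ${config._module.args.name} has no private part" else "/run/secrets/${config._module.args.name}");`. Because the value is lazy, this only fires when something reads `path`, so any code that walks all secrets would need to skip entries whose `secret` is null. This assumes the `secret` option in this module is nullable too, which the hunk does not show; the submodule body continues past the hunk.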
@@ -35,12 +38,10 @@
path = mkOption {
type = types.str;
- readOnly = true;
description = "Path to the decrypted secret";
};
publicPath = mkOption {
type = types.package;
- readOnly = true;
description = "Path to the public part of secret";
};
};
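Review bot: Dropping `readOnly = true;` from `path` lets any module redefine where a decrypted secret lives, and since the default is set only with `mkOptionDefault`, a plain definition wins over `/run/secrets/<name>`. If the code that writes the decrypted file uses this option as its target (not visible here), an override could place plaintext on persistent or more widely readable storage. If overriding is intended, state the constraint in the option text, e.g. `description = "Path to the decrypted secret; defaults to /run/secrets/<name>, override only to a tmpfs location";`. Consider keeping `readOnly = true;` on `publicPath`, which is derived from `public` via `pkgs.writeText` and has no evident reason to be set by hand. The enclosing `options` set opens outside this hunk.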