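{ lib, ... }:
with lib;
let
  # Option schema for one entry of `secrets`.
  secret = with types; {
    options = {
      owners = mkOption {
        type = listOf str;
        description = ''
          List of hosts to encrypt the secret for.

          On each owner the secret is decrypted and stored at /run/secrets/''${name}.
        '';
      };
      generator = mkOption {
        type = package;
        description = "Derivation to execute for secret generation";
      };
      expireIn = mkOption {
        # Any int is accepted, including 0 and negatives; the consumer of
        # this value decides what those mean — NOTE(review): consider
        # `ints.positive` if only a real expiry interval is meaningful.
        type = nullOr int;
        description = "Time in hours after which this secret should be regenerated";
        default = null;
      };
      data = mkOption {
        # Filled in from SECRET_DATA (see `config.secrets` below), never by hand.
        # Presumably this holds ciphertext for the owners (per the `owners`
        # description); anything that is later interpolated into a derivation
        # ends up in the world-readable Nix store, so confirm the generator
        # never places plaintext here.
        type = attrsOf anything;
        description = "Generated secret data, do not set it yourself";
        default = { };
      };
    };
  };
  # Option schema for one entry of `hosts`.
  host = with types; {
    options = {
      modules = mkOption {
        type = listOf anything;
        description = "List of NixOS modules";
        default = [ ];
      };
      network = mkOption {
        type = submodule {
          options = {
            # Must be declared with mkOption; a bare attrset here is not an option.
            fleetIp = mkOption {
              type = str;
              description = "IP address reachable from every host in the fleet";
            };
          };
        };
        description = "Network definition of host";
      };
      system = mkOption {
        type = str;
        description = "Type of system";
      };
    };
  };
in
{
  options = with types; {
    hosts = mkOption {
      type = attrsOf (submodule host);
      default = { };
      description = "Configurations of individual hosts";
    };
    secrets = mkOption {
      type = attrsOf (submodule secret);
      default = { };
      description = "Secrets";
    };
  };
  config = {
    # Secret data is injected by an external tool through the SECRET_DATA
    # environment variable as a JSON object shaped like `secrets`.
    # `builtins ? getEnv` guards evaluators without the builtin; in pure
    # evaluation mode getEnv yields "", so an unset, empty or unavailable
    # variable silently produces no secrets rather than an error. Malformed
    # JSON, or JSON that is not an attrset, still fails at evaluation time.
    secrets =
      let
        raw = if builtins ? getEnv then builtins.getEnv "SECRET_DATA" else "";
      in
      if raw == "" then { } else builtins.fromJSON raw;
  };
}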