move installation instructions to top
they are the most important part for someone to review
parent
568dede67c
commit
4b6b3bba3d
1 changed files with 9 additions and 11 deletions
|
@ -6,7 +6,15 @@ let
|
|||
cfg = config.age;
|
||||
users = config.users.users;
|
||||
|
||||
age-install-secrets = (pkgs.callPackage ../.. {}).age-install-secrets;
|
||||
installSecret = secretType: ''
|
||||
TMP_DIR=$(mktemp -d)
|
||||
TMP_FILE="$TMP_DIR/file"
|
||||
(umask 0400; ${pkgs.age}/bin/age --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
|
||||
install -o '${secretType.owner}' -g '${secretType.group}' -m '${secretType.mode}' "$TMP_FILE" '${secretType.path}'
|
||||
rm -rf "$TMP_DIR"
|
||||
'';
|
||||
|
||||
installAllSecrets = builtins.concatStringsSep (map installSecret (builtins.attrValues cfg.secrets));
|
||||
|
||||
secretType = types.submodule ({ config, ... }: {
|
||||
options = {
|
||||
|
@ -60,16 +68,6 @@ let
|
|||
|
||||
identities = builtins.concatStringsSep " " (map (path: "-i ${path}") cfg.sshKeyPaths);
|
||||
|
||||
installSecret = secretType: ''
|
||||
TMP_DIR=$(mktemp -d)
|
||||
TMP_FILE="$TMP_DIR/file"
|
||||
(umask 0400; ${pkgs.age}/bin/age --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
|
||||
install -o '${secretType.owner}' -g '${secretType.group}' -m '${secretType.mode}' "$TMP_FILE" '${secretType.path}'
|
||||
rm -rf "$TMP_DIR"
|
||||
'';
|
||||
|
||||
installAllSecrets = builtins.concatStringsSep (map installSecret (builtins.attrValues cfg.secrets));
|
||||
|
||||
in {
|
||||
options.age = {
|
||||
secrets = mkOption {
|
||||
|
|
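Review bot: The `umask 0400` in the moved `installSecret` snippet looks like a file mode used as a mask: it clears only the owner-read bit, so (assuming age creates its output with the default 0666) the decrypted temp file ends up around mode 0266, group- and world-writable, instead of owner-read-only. Only the 0700 directory from `mktemp -d` keeps other users away from the plaintext; `umask 0377` (or `umask 077`) on that line would make the file itself private. Separately, `installAllSecrets` passes `builtins.concatStringsSep` only the list and no separator, so it evaluates to a partial application rather than a script string; `builtins.concatStringsSep "\n" (map installSecret (builtins.attrValues cfg.secrets))` is probably what is meant. The snippet also has no cleanup path when decryption or `install` fails, so the plaintext in `$TMP_DIR` may be left behind; a guard around `rm -rf "$TMP_DIR"` or a comment stating the expected failure behaviour would help. The enclosing `let` block starts and ends outside the hunks shown.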