cst1/infrastructure
1
0
Fork 0
forked from DGNum/infrastructure
Code Pull requests Activity

feat(dgn-secrets): Add a matches option

Browse source 
This option allows specifying regexes tied to options.
When a secret matches a pattern, the the options are applied to it.
This commit is contained in:
Tom Hubrecht 2023-10-02 22:48:18 +02:00
parent 18c1fa1ddd
commit 5622bc3748
9 changed files with 71 additions and 107 deletions
Download patch file Download diff file Expand all files Collapse all files

18
machines/compute01/ds-fr/default.nix
View file

@ -1,9 +1,6 @@
{ config, lib, dgn-lib, ... }:
{ config, ... }:
let
inherit (dgn-lib) setDefault;
host = "demarches.dgnum.eu";
let host = "demarches.dgnum.eu";
in {
imports = [ ./module.nix ];
@ -28,7 +25,8 @@ in {
S3_REGION = "garage";
S3_FORCE_PATH_STYLE = "true";
S3_ACCESS_KEY_ID = "GK4d244118eac2336ae0ab2dd9";
S3_SECRET_ACCESS_KEY = "61100261fb0a0c861371596f9ffcd1e83134301a6d0c665a077135af04ba18c3";
S3_SECRET_ACCESS_KEY =
"61100261fb0a0c861371596f9ffcd1e83134301a6d0c665a077135af04ba18c3";
# SAML_IDP_ENABLED = "enabled";
@ -51,8 +49,7 @@ in {
CONTACT_EMAIL = "demarches@infra.dgnum.eu";
EQUIPE_EMAIL = "equipe@infra.dgnum.eu";
TECH_EMAIL = "tech@infra.dgnum.eu";
NO_REPLY_EMAIL =
''"Ne pas répondre <demarches@infra.dgnum.eu>"'';
NO_REPLY_EMAIL = ''"Ne pas répondre <demarches@infra.dgnum.eu>"'';
OLD_CONTACT_EMAIL = "";
CONTACT_PHONE = "";
@ -63,10 +60,7 @@ in {
};
};
dgn-secrets.options = [
(setDefault { owner = "ds-fr"; }
(builtins.filter (lib.hasPrefix "ds_fr") config.dgn-secrets.names))
];
dgn-secrets.matches."^ds_fr-.*$" = { owner = "ds-fr"; };
users.users.ds-fr.extraGroups = [ "sendmail" ];
}