From 7dfc0f431f2bd87fa4656e1940e6330172d81720 Mon Sep 17 00:00:00 2001
From: tv
Date: Wed, 14 Oct 2020 12:18:59 +0200
Subject: krebs.secret: add directory and file options
---
 krebs/3modules/secret.nix | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'krebs')
diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix
index 67454d1f7..978939f69 100644
--- a/krebs/3modules/secret.nix
+++ b/krebs/3modules/secret.nix
@@ -3,6 +3,14 @@ with import ;
 cfg = config.krebs.secret;
 in {
 options.krebs.secret = {
+ directory = mkOption {
+ default = toString ;
+ type = types.absolute-pathname;
+ };
+ file = mkOption {
+ default = relpath: "${cfg.directory}/${relpath}";
+ readOnly = true;
+ };
 files = mkOption {
 type = with types; attrsOf secret-file;
 default = {};
-- cgit v1.2.3
From 2d3130e87095694be52962a8db0b7432b5661684 Mon Sep 17 00:00:00 2001
From: tv
Date: Wed, 14 Oct 2020 13:02:09 +0200
Subject: tv * ssh.privkey.path: use krebs.secret.file
---
 krebs/3modules/tv/default.nix | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'krebs')
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index c86fda05d..6a09cc834 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
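Review bot: Neither new option in krebs/3modules/secret.nix carries a `description`, and `file` has no `type`, so nothing records that `config.krebs.secret.file` returns a plain string rather than a Nix path. That distinction is security-relevant: the string built by `"${cfg.directory}/${relpath}"` is not copied into the world-readable Nix store, whereas a path value interpolated into a string would be, and a later caller coercing the result back to a path would reintroduce that. I would add `description = "Directory holding secret files, as an absolute path string.";` to `directory` and `description = "Returns the absolute path string of a secret below directory; do not coerce it to a path.";` to `file`. `relpath` is joined unchecked, so a value containing `..` resolves outside `directory`; since it comes from configuration authors that may be acceptable, but it is worth stating. The argument of `toString` is not legible on this page, so the default itself could not be reviewed.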
@@ -52,7 +52,7 @@ in {
 '';
 };
 };
- ssh.privkey.path = ;
+ ssh.privkey.path = config.krebs.secret.file "ssh.id_rsa";
 ssh.pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP9JS2Nyjx4Pn+/4MrFi1EvBBYVKkGm2Q4lhgaAiSuiGLol53OSsL2KIo01mbcSSBWow9QpQpn8KDoRnT2aMLDrdTFqL20ztDLOXmtrSsz3flgCjmW4f6uOaoZF0RNjAybd1coqwSJ7EINugwoqOsg1zzN2qeIGKYFvqFIKibYFAnQ8hcksmkvPdIO5O8CbdIiP9sZSrSDp0ZyLK2T0PML2jensVZOeqSPulQDFqLsbmavpVLkpDjdzzPRwbZWNB4++YeipbYNOkX4GR1EB4wMZ93IbBV7kpJtib2Zb2AnUf7UW37hxWBjILdstj9ClwNOQggn8kD9ub7YxBzH1dz0Xd8a0mPOAWIDJz9MypXgFRc3vdvPB/W1I4Se0CLbgOkORun9CkgijKr9oEY8JNt8HFd6viZcAaQxOyIm6PNHZTnHfdSc7bIBS2n3e3IZBv0fTd77knGLXg402aTuu2bm/kxsKivxsILXIaGbeXe4ceN3Fynr3FzSM2bUkzHb0mAHu1BQ9YaX0xzCwjVueA5nzGls7ODSFkXsiBfg2FvMN/sTLFca6tnwyqcnD6nujoiS5+BxjDWPgnZYqCaW3B/IkpTsRMsX6QrfhOFcsP8qlJ2Cp82orWoDK/D0vZ9pdzAc6PFGga0RofuJKY2yiq+SRZ7/e9E6VncIVCYZ1OfN0Q==";
 };
 au = {
@@ -79,7 +79,7 @@ in {
 };
 };
 secure = true;
- ssh.privkey.path = ;
+ ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsqDuhGJpjpqNv4QmjoOhcODObrPyY3GHLvtVkgXV0g root@au";
 };
 mu = {
@@ -103,7 +103,7 @@ in {
 '';
 };
 };
- ssh.privkey.path = ;
+ ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1vJsAddvxMA84u9iJEOrIkKn7pQiemMbfW5cfK1d7g root@mu";
 };
 ni = {
@@ -177,7 +177,7 @@ in {
 };
 };
 secure = true;
- ssh.privkey.path = ;
+ ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIHmwXHV7E9UGuk4voVCADjlLkyygqNw054jvrsPn5t root@nomic";
 };
 wu = {
@@ -203,7 +203,7 @@ in {
 };
 };
 secure = true;
- ssh.privkey.path = ;
+ ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
 };
 querel = {
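Review bot: With `config.krebs.secret.file "ssh.id_rsa"` the key location becomes a concatenated string, so a mistyped or missing file name is no longer something evaluation can notice; the removed right-hand sides are not legible on this page (`ssh.privkey.path = ;`), but if they were path lookups they failed at evaluation when the file was absent. The same applies to the five `"ssh.id_ed25519"` replacements in the hunks at -79, -103, -177, -203 and -262. If the early failure is wanted, the consumer of `ssh.privkey.path` could check that the file exists at activation or service start, which keeps the key out of the store. A comment next to the first use, such as `# resolved under krebs.secret.directory; a string, not a store path`, would document why the helper is used instead of a path literal. All six enclosing host attribute sets begin and end outside their hunks.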
@@ -262,7 +262,7 @@ in {
 };
 };
 secure = true;
- ssh.privkey.path = ;
+ ssh.privkey.path = config.krebs.secret.file "ssh.id_ed25519";
 ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnjfceKuHNQu7S4eYFN1FqgzMqiL7haNZMh2ZLhvuhK root@xu";
 };
 zu = {
-- cgit v1.2.3