author | Igor Pashev <pashev.igor@gmail.com> | 2016-09-29 13:51:44 +0300 |
---|---|---|
committer | Igor Pashev <pashev.igor@gmail.com> | 2016-09-29 13:51:44 +0300 |
commit | 62f28d30a069135f9c48678507203958adfc334f (patch) | |
tree | 7f38af0c8d3f445ee8cc50906a639baec7011127 /deployment | |
parent | 1af9e6589bdd18e6ba7eeabf073aa7d710020cdd (diff) | |
download | nixsap-62f28d30a069135f9c48678507203958adfc334f.tar.gz |
Moved everything into ./modules
Diffstat (limited to 'deployment')
-rw-r--r-- | deployment/default.nix | 11 | ||||
-rw-r--r-- | deployment/keyrings.nix | 64 |
2 files changed, 0 insertions, 75 deletions
diff --git a/deployment/default.nix b/deployment/default.nix
deleted file mode 100644
index 240d970..0000000
--- a/deployment/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{lib, ... }:
-
-let
- all = lib.filterAttrs
- ( n: _: n != "default.nix" && ! lib.hasPrefix "." n )
- (builtins.readDir ./.);
-
-in {
- imports = map (p: ./. + "/${p}") ( builtins.attrNames all );
-}
-
diff --git a/deployment/keyrings.nix b/deployment/keyrings.nix
deleted file mode 100644
index 6230107..0000000
--- a/deployment/keyrings.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{ config, lib, ... }:
-
-let
-
- inherit (builtins)
- attrNames baseNameOf head match pathExists readFile toString ;
- inherit (lib)
- foldl genAttrs mapAttrsToList mkOption optionalAttrs types ;
- inherit (types)
- attrsOf listOf nullOr path ;
-
- allusers = config.users.users;
- cfg = config.nixsap.deployment;
-
- # XXX If the file is encrypted:
- # error: the contents of the file ‘...’ cannot be represented as a Nix string
- read = key:
- let
- m = match "^([^(]*)\\[.+\\]$" key;
- s = if m != null then head m else key;
- in if cfg.secrets != null
- then readFile (cfg.secrets + "/${s}")
- else "";
-
-in {
- options.nixsap.deployment = {
- secrets = mkOption {
- description = ''
- Directory with the secrets. If not specified,
- each key will be an empty file.
- '';
- type = nullOr path;
- default = null;
- example = "<secrets>";
- };
- keyrings = mkOption {
- type = attrsOf (listOf path);
- description = ''
- Binds keys to a user. It's possible to share the same key between
- multiple users, of course by different names: "/run/keys/foo" and
- "/run/keys/foo[bar]" will use the same secret file "foo".
- '';
- default = {};
- example = { mysqlbackup = [ "/run/keys/s3cmd.cfg" ];
- pgbackup = [ "/run/keys/s3cmd.cfg[pgbackup]" ];
- };
- };
- };
-
- config = {
- users.users = genAttrs (attrNames cfg.keyrings) (
- name: optionalAttrs (name != "root") { extraGroups = [ "keys" ]; }
- );
-
- deployment.keys = foldl (a: b: a//b) {} (
- mapAttrsToList (name: keys:
- genAttrs (map baseNameOf keys)
- (key: { text = read key;
- user = toString allusers.${name}.uid;
- })
- ) cfg.keyrings
- );
- };
-}
|