mirror of https://github.com/Mic92/sops-nix.git synced 2025-04-09 02:14:08 +00:00

Apply suggestions from code review

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
Ninlives 2023-03-21 21:20:42 +08:00 committed by GitHub
parent efd85fbf51
commit 8c4ecdc301
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -5,12 +5,6 @@ with builtins;
let
cfg = config.sops;
secretsForUsers = lib.filterAttrs (_: v: v.neededForUsers) cfg.secrets;
users = config.users.users;
substitute = pkgs.writers.writePython3 "substitute" { } (readFile ./subs.py);
subst-pairs = pkgs.writeText "pairs" (concatMapStringsSep "\n" (name:
"${toString config.sops.placeholder.${name}} ${
config.sops.secrets.${name}.path
}") (attrNames config.sops.secrets));
coercibleToString = mkOptionType {
name = "coercibleToString";
description = "value that can be coerced to string";
@ -53,7 +47,7 @@ let
};
group = mkOption {
type = str;
default = users.${config.owner}.group;
default = config.users.users.${config.owner}.group;
description = ''
Group of the file.
'';
@ -90,7 +84,13 @@ in {
++ optional (secretsForUsers != { }) "setupSecretsForUsers") ''
echo Setting up sops templates...
${concatMapStringsSep "\n" (name:
let tpl = config.sops.templates.${name};
let
tpl = config.sops.templates.${name};
substitute = pkgs.writers.writePython3 "substitute" { } (readFile ./subs.py);
subst-pairs = pkgs.writeText "pairs" (concatMapStringsSep "\n" (name:
"${toString config.sops.placeholder.${name}} ${
config.sops.secrets.${name}.path
}") (attrNames config.sops.secrets));
in ''
mkdir -p "${dirOf tpl.path}"
(umask 077; ${substitute} ${tpl.file} ${subst-pairs} > ${tpl.path})
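Review bot: In the second hunk the new `default = config.users.users.${config.owner}.group;` reads `config.owner` and `config.users.users` from the same `config`, and because `owner` is a per-template option, that `config` is presumably the submodule's argument rather than the NixOS system configuration. If so, `config.users.users` does not exist there, and any template that relies on the default group fails at evaluation; the `users = config.users.users;` binding that the first hunk removes was what reached the system-level user table. I would keep that binding in the outer `let` and leave the option as `default = users.${config.owner}.group;`. The submodule header is outside the visible hunks, so confirm which `config` is in scope here. The group decides who may read the rendered secret file, so the default path deserves an evaluation test with `group` left unset.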