From a7b8f0feb7f775c9467137180054ebd9474fc6ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Sun, 17 Nov 2024 11:35:16 +0100
Subject: [PATCH] define templates for home-manager
---
 modules/home-manager/sops.nix | 4 ++
 modules/home-manager/templates.nix | 91 ++++++++++++++++++++++++++++++
 2 files changed, 95 insertions(+)
 create mode 100644 modules/home-manager/templates.nix
diff --git a/modules/home-manager/sops.nix b/modules/home-manager/sops.nix
index 9432c41..e8ad585 100644
--- a/modules/home-manager/sops.nix
+++ b/modules/home-manager/sops.nix
@@ -109,6 +109,10 @@ let
 ${sops-install-secrets}/bin/sops-install-secrets -ignore-passwd ${manifest}
 ''));
 in {
+ imports = [
+ ./templates.nix
+ ];
+
 options.sops = {
 secrets = lib.mkOption {
 type = lib.types.attrsOf secretType;
diff --git a/modules/home-manager/templates.nix b/modules/home-manager/templates.nix
new file mode 100644
index 0000000..a1901a5
--- /dev/null
+++ b/modules/home-manager/templates.nix
@@ -0,0 +1,91 @@
+{ config, pkgs, lib, options, ... }:
+let
+ inherit (lib)
+ mkOption
+ mkDefault
+ mapAttrs
+ types
+ ;
+in {
+ options.sops = {
+ templates = mkOption {
+ description = "Templates for secret files";
+ type = types.attrsOf (types.submodule ({ config, ... }: {
+ options = {
+ name = mkOption {
+ type = types.singleLineStr;
+ default = config._module.args.name;
+ description = ''
+ Name of the file used in /run/secrets/rendered
+ '';
+ };
+ path = mkOption {
+ description = "Path where the rendered file will be placed";
+ type = types.singleLineStr;
+ # Keep this in sync with `RenderedSubdir` in `pkgs/sops-install-secrets/main.go`
+ default = "${config.xdg.configHome}/sops-nix/secrets/rendered/${config.name}";
+ };
+ content = mkOption {
+ type = types.lines;
+ default = "";
+ description = ''
+ Content of the file
+ '';
+ };
+ mode = mkOption {
+ type = types.singleLineStr;
+ default = "0400";
+ description = ''
+ Permissions mode of the rendered secret file in octal.
+ '';
+ };
+ file = mkOption {
+ type = types.path;
+ default = pkgs.writeText config.name config.content;
+ defaultText = lib.literalExpression ''pkgs.writeText config.name config.content'';
+ example = "./configuration-template.conf";
+ description = ''
+ File used as the template. When this value is specified, `sops.templates..content` is ignored.
+ '';
+ };
+ restartUnits = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ example = [ "sshd.service" ];
+ description = ''
+ Names of units that should be restarted when the rendered template changes.
+ This works the same way as .
+ '';
+ };
+ reloadUnits = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ example = [ "sshd.service" ];
+ description = ''
+ Names of units that should be reloaded when the rendered template changes.
+ This works the same way as .
+ '';
+ };
+ };
+ }));
+ default = { };
+ };
+ placeholder = mkOption {
+ type = types.attrsOf (types.mkOptionType {
+ name = "coercibleToString";
+ description = "value that can be coerced to string";
+ check = lib.strings.isConvertibleWithToString;
+ merge = lib.mergeEqualOption;
+ });
+ default = { };
+ visible = false;
+ };
+ };
+
+ config = lib.optionalAttrs (options ? sops.secrets)
+ (lib.mkIf (config.sops.templates != { }) {
+ sops.placeholder = mapAttrs
+ (name: _: mkDefault "")
+ config.sops.secrets;
+ });
+}
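Review bot: The `path` default `"${config.xdg.configHome}/sops-nix/secrets/rendered/${config.name}"` reads `xdg.configHome` from the wrong `config`: inside `types.submodule ({ config, ... }: { … })` that name is rebound to the template submodule's own config, which declares only `name`/`path`/`content`/`mode`/`file`/`restartUnits`/`reloadUnits`, so evaluating a template's default path fails with a missing `xdg` attribute. Capture the home-manager config before it is shadowed, e.g. `hmConfig = config;` in the `let` block, and use `default = "${hmConfig.xdg.configHome}/sops-nix/secrets/rendered/${config.name}";`. The `name` description still says `Name of the file used in /run/secrets/rendered`, which is the NixOS location rather than the XDG path this module renders into; it should read something like `Name of the rendered file below sops-nix/secrets/rendered in the XDG config directory`. The `restartUnits` and `reloadUnits` descriptions end with a dangling `This works the same way as .` — if that is not an artifact of how this page was rendered, the sentence should name the corresponding `sops.secrets` option it refers to. Minor style point: those two options use `lib.mkOption`/`lib.types` while their siblings use the `inherit (lib)` bindings from the top of the file.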