mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00

wip: remove very specific special args and unify library functions

oddlama 2023-06-30 01:55:17 +02:00
parent dfc3084fe9
commit 68bb9731d3
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
28 changed files with 594 additions and 644 deletions


@ -1,17 +1,17 @@
{
config,
inputs,
lib,
nodePath,
...
}: {
# Define local repo secrets
repo.secretFiles = let
local = nodePath + "/secrets/local.nix.age";
local = config.node.secretsDir + "/local.nix.age";
in
{
global = ../../secrets/global.nix.age;
}
// lib.optionalAttrs (nodePath != null && lib.pathExists local) {inherit local;};
// lib.optionalAttrs (lib.pathExists local) {inherit local;};
# Setup secret rekeying parameters
age.rekey = {
@ -24,13 +24,7 @@
# This is technically impure, but intended. We need to rekey on the
# current system due to yubikey availability.
forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
hostPubkey = let
pubkeyPath =
if nodePath == null
then null
else nodePath + "/secrets/host.pub";
in
lib.mkIf (pubkeyPath != null && lib.pathExists pubkeyPath) pubkeyPath;
hostPubkey = config.node.secretsDir + "/host.pub";
};
age.generators.dhparams.script = {pkgs, ...}: "${pkgs.openssl}/bin/openssl dhparam 4096";
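Review bot: The new `hostPubkey = config.node.secretsDir + "/host.pub";` drops the `lib.pathExists` guard that the old `lib.mkIf` carried, so a node whose `host.pub` has not been generated yet no longer leaves the option at its default; depending on how the option consumes the value, that presumably surfaces as an evaluation error or as secrets rekeyed for an unintended recipient. If bootstrapping new hosts should keep working, retain the guard, e.g. `hostPubkey = let p = config.node.secretsDir + "/host.pub"; in lib.mkIf (lib.pathExists p) p;`. The line also relies on `config.node.secretsDir` being a path rather than a string, which is not visible here; a string would likely be taken as the key text itself, so a short comment stating the expected type (or a path-typed option) would help. `nodePath` still appears in the argument set at the top of the file although the visible new lines no longer use it, and the file may continue past the lines shown.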