wip: remove very specific special args and unify library functions
parent
dfc3084fe9
commit
68bb9731d3
28 changed files with 594 additions and 644 deletions
|
@ -1,17 +1,17 @@
|
|||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
nodePath,
|
||||
...
|
||||
}: {
|
||||
# Define local repo secrets
|
||||
repo.secretFiles = let
|
||||
local = nodePath + "/secrets/local.nix.age";
|
||||
local = config.node.secretsDir + "/local.nix.age";
|
||||
in
|
||||
{
|
||||
global = ../../secrets/global.nix.age;
|
||||
}
|
||||
// lib.optionalAttrs (nodePath != null && lib.pathExists local) {inherit local;};
|
||||
// lib.optionalAttrs (lib.pathExists local) {inherit local;};
|
||||
|
||||
# Setup secret rekeying parameters
|
||||
age.rekey = {
|
||||
|
@ -24,13 +24,7 @@
|
|||
# This is technically impure, but intended. We need to rekey on the
|
||||
# current system due to yubikey availability.
|
||||
forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
|
||||
hostPubkey = let
|
||||
pubkeyPath =
|
||||
if nodePath == null
|
||||
then null
|
||||
else nodePath + "/secrets/host.pub";
|
||||
in
|
||||
lib.mkIf (pubkeyPath != null && lib.pathExists pubkeyPath) pubkeyPath;
|
||||
hostPubkey = config.node.secretsDir + "/host.pub";
|
||||
};
|
||||
|
||||
age.generators.dhparams.script = {pkgs, ...}: "${pkgs.openssl}/bin/openssl dhparam 4096";
|
||||
|
|
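Review bot: The new `hostPubkey = config.node.secretsDir + "/host.pub";` drops the `lib.pathExists` guard that the removed `lib.mkIf` block had, while `repo.secretFiles` in the first hunk still checks `lib.pathExists local`. A node whose secrets directory has no `host.pub` yet will presumably now fail when the option is read instead of falling back to the module default, and since this value decides which host key the secrets are rekeyed for, the behaviour for a missing key should be deliberate. If failing is intended, say so with a comment such as `# host.pub must exist; evaluation fails for nodes that are not bootstrapped yet`; otherwise keep the guard: `hostPubkey = let p = config.node.secretsDir + "/host.pub"; in lib.mkIf (lib.pathExists p) p;`. It is also worth confirming that `config.node.secretsDir` is a path rather than a string, because the type of the concatenation follows it (inferred; the option's definition is not in this section). The `age.rekey` attribute set opens before the second hunk.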