Use attrs for secrets instead of lists
[perso/Immae/Config/Nix.git] / modules / private / dns.nix
index 7c59b43a0463568ad38f11d06fd081aa5b53b0b1..1d7fd52fb3fe6e11d27ea801da4f0518ee719069 100644 (file)
@@ -10,7 +10,7 @@
         ) listOfAttrs
       ) [{}] (attrNames attrsOfLists);
     cfg = config.services.bind;
-    keyIncludes = builtins.concatStringsSep "\n" (map (v: "include \"/var/secrets/bind/${v}.key\";") (builtins.attrNames config.myEnv.dns.keys));
+    keyIncludes = builtins.concatStringsSep "\n" (map (v: "include \"${config.secrets.fullPaths."bind/${v}.key"}\";") (builtins.attrNames config.myEnv.dns.keys));
     cartProduct = lib.foldr
       (s: servers: servers // { ${s.masters} = lib.unique ((servers.${s.masters} or []) ++ [s.keys]); })
       {}
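Review bot: The secret name `"bind/${v}.key"` in the new `keyIncludes` line duplicates the literal that the `secrets.keys` hunk passes to `lib.nameValuePair "bind/${k}.key"`, so the two must be kept in sync by hand. A mismatch would presumably surface as a missing-attribute error on `config.secrets.fullPaths` at evaluation time, which fails safely. A shared binding such as `bindKeyName = k: "bind/${k}.key";` used in both places would still make the dependency explicit. A one-line comment on `keyIncludes`, for example `# paths come from secrets.fullPaths so named.conf follows the secrets module's location`, would record why the hard-coded `/var/secrets` prefix was dropped. The enclosing `let` block starts and ends outside the hunk.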
@@ -87,9 +87,8 @@
     networking.firewall.allowedUDPPorts = [ 53 ];
     networking.firewall.allowedTCPPorts = [ 53 ];
     users.users.named.extraGroups = [ "keys" ];
-    secrets.keys = lib.mapAttrsToList (k: v:
-      {
-        dest = "bind/${k}.key";
+    secrets.keys = lib.mapAttrs' (k: v:
+      lib.nameValuePair "bind/${k}.key" {
         permissions = "0400";
         user = "named";
         text = ''