Move tools to new secrets location

[perso/Immae/Config/Nix.git] / nixops / modules / secrets / default.nix

diff --git a/nixops/modules/secrets/default.nix b/nixops/modules/secrets/default.nix
index 7096e48500c66f5a80f15e76cd3d03cbb43505d9..85000882f776f588c5048aa0d84f999b04248584 100644 (file)
--- a/nixops/modules/secrets/default.nix
+++ b/nixops/modules/secrets/default.nix
@@ -8,20 +8,8 @@
     };
   };
   config = let
-    oldkeys = lib.attrsets.filterAttrs (n: v: n != "secrets.tar") config.deployment.keys;
     keys = config.mySecrets.keys;
     empty = pkgs.runCommand "empty" { preferLocalBuild = true; } "mkdir -p $out && touch $out/done";
-    dumpOldKey = k: v: let
-      dest = if v.destDir == "/run/keys"
-        then k
-        else (builtins.replaceStrings ["/run/keys/"] [""] v.destDir) + "/" + k;
-      in ''
-        mkdir -p secrets/$(dirname ${dest})
-        echo -n ${lib.strings.escapeShellArg v.text} > secrets/${dest}
-        cat >> mods <<EOF
-        ${v.user or "root"} ${v.group or "root"} ${v.permissions or "0600"} secrets/${dest}
-        EOF
-        '';
     dumpKey = v: ''
         mkdir -p secrets/$(dirname ${v.dest})
         echo -n ${lib.strings.escapeShellArg v.text} > secrets/${v.dest}
@@ -32,7 +20,6 @@
     secrets = pkgs.runCommand "secrets.tar" {} ''
       touch mods
       tar --format=ustar --mtime='1970-01-01' -P --transform="s@${empty}@secrets@" -cf $out ${empty}/done
-      ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList dumpOldKey oldkeys)}
       ${builtins.concatStringsSep "\n" (map dumpKey keys)}
       cat mods | while read u g p k; do
       tar --format=ustar --mtime='1970-01-01' --owner="$u" --group="$g" --mode="$p" --append -f $out "$k"