Use attrs for secrets instead of lists

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2021-10-16 17:40:07 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2021-10-16 20:20:45 +0200
commit: 4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0 (patch)
tree: 9a7ede9ac3f1899074e9ef568a447f883191d3b5 /modules/private/monitoring
parent: da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2 (diff)
download: Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.gz
Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.zst
Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.zip
3 files changed, 15 insertions, 22 deletions
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix
index cab9e7c..bdb5c93 100644
--- a/modules/private/monitoring/default.nix
+++ b/modules/private/monitoring/default.nix
@@ -199,18 +199,15 @@ in
      text = "MAILADDR ${config.myEnv.monitoring.email}";
    };
-    secrets.keys = [
+    secrets.keys = {
-      {
+      "naemon/id_rsa" = {
-        dest = "naemon/id_rsa";
        user = "naemon";
        group = "naemon";
        permissions = "0400";
        text = config.myEnv.monitoring.ssh_secret_key;
-      }
+      };
-    ] ++ lib.optionals cfg.master (
+    } // lib.optionalAttrs cfg.master (
-      lib.mapAttrsToList (k: v:
+      lib.mapAttrs' (k: v: lib.nameValuePair "${k}_access_key" {
-      {
-        dest = "${k}_access_key";
        user = "naemon";
        group = "naemon";
        permissions = "0400";
diff --git a/modules/private/monitoring/status.nix b/modules/private/monitoring/status.nix
index 73f4749..ab0290c 100644
--- a/modules/private/monitoring/status.nix
+++ b/modules/private/monitoring/status.nix
@@ -12,17 +12,14 @@
    };
  };
  config = lib.mkIf config.myServices.status.enable {
-    secrets.keys = [
+    secrets.keys."naemon-status/environment" = {
-      {
+      user = "naemon";
-        dest = "naemon-status/environment";
+      group = "naemon";
-        user = "naemon";
+      permissions = "0400";
-        group = "naemon";
+      text = ''
-        permission = "0400";
+        TOKENS=${builtins.concatStringsSep " " config.myEnv.monitoring.nrdp_tokens}
-        text = ''
+        '';
-          TOKENS=${builtins.concatStringsSep " " config.myEnv.monitoring.nrdp_tokens}
+    };
-          '';
-      }
-    ];
    services.nginx = {
      enable = true;
      recommendedOptimisation = true;
diff --git a/modules/private/monitoring/status_engine.nix b/modules/private/monitoring/status_engine.nix
index 8192a9d..39a753a 100644
--- a/modules/private/monitoring/status_engine.nix
+++ b/modules/private/monitoring/status_engine.nix
@@ -19,8 +19,7 @@ in
      };
    };
-    secrets.keys = [{
+    secrets.keys."status_engine" = {
-      dest = "status_engine";
      permissions = "0400";
      user = "naemon";
      group = "naemon";
@@ -87,7 +86,7 @@ in
        disable_http_proxy: 1
      '';
-    }];
+    };
    services.redis = rec {
      enable = true;
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2021-10-16 17:40:07 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2021-10-16 20:20:45 +0200
commit	4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0 (patch)
tree	9a7ede9ac3f1899074e9ef568a447f883191d3b5 /modules/private/monitoring
parent	da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2 (diff)
download	Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.gz Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.tar.zst Nix-4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0.zip