aboutsummaryrefslogtreecommitdiff
path: root/nixops/modules/secrets
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-04-25 09:26:26 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-04-25 09:26:26 +0200
commit8db8e666707a0e51af9353c76c5863e1a5482ed5 (patch)
tree64bfdc2cb62f84250955424ad202fc875d4ddbc4 /nixops/modules/secrets
parent32c84ff89c2b8931f58cea63961a178a9b1d0efe (diff)
downloadNix-8db8e666707a0e51af9353c76c5863e1a5482ed5.tar.gz
Nix-8db8e666707a0e51af9353c76c5863e1a5482ed5.tar.zst
Nix-8db8e666707a0e51af9353c76c5863e1a5482ed5.zip
Move tools to new secrets location
Diffstat (limited to 'nixops/modules/secrets')
-rw-r--r--nixops/modules/secrets/default.nix13
1 files changed, 0 insertions, 13 deletions
diff --git a/nixops/modules/secrets/default.nix b/nixops/modules/secrets/default.nix
index 7096e48..8500088 100644
--- a/nixops/modules/secrets/default.nix
+++ b/nixops/modules/secrets/default.nix
@@ -8,20 +8,8 @@
8 }; 8 };
9 }; 9 };
10 config = let 10 config = let
11 oldkeys = lib.attrsets.filterAttrs (n: v: n != "secrets.tar") config.deployment.keys;
12 keys = config.mySecrets.keys; 11 keys = config.mySecrets.keys;
13 empty = pkgs.runCommand "empty" { preferLocalBuild = true; } "mkdir -p $out && touch $out/done"; 12 empty = pkgs.runCommand "empty" { preferLocalBuild = true; } "mkdir -p $out && touch $out/done";
14 dumpOldKey = k: v: let
15 dest = if v.destDir == "/run/keys"
16 then k
17 else (builtins.replaceStrings ["/run/keys/"] [""] v.destDir) + "/" + k;
18 in ''
19 mkdir -p secrets/$(dirname ${dest})
20 echo -n ${lib.strings.escapeShellArg v.text} > secrets/${dest}
21 cat >> mods <<EOF
22 ${v.user or "root"} ${v.group or "root"} ${v.permissions or "0600"} secrets/${dest}
23 EOF
24 '';
25 dumpKey = v: '' 13 dumpKey = v: ''
26 mkdir -p secrets/$(dirname ${v.dest}) 14 mkdir -p secrets/$(dirname ${v.dest})
27 echo -n ${lib.strings.escapeShellArg v.text} > secrets/${v.dest} 15 echo -n ${lib.strings.escapeShellArg v.text} > secrets/${v.dest}
@@ -32,7 +20,6 @@
32 secrets = pkgs.runCommand "secrets.tar" {} '' 20 secrets = pkgs.runCommand "secrets.tar" {} ''
33 touch mods 21 touch mods
34 tar --format=ustar --mtime='1970-01-01' -P --transform="s@${empty}@secrets@" -cf $out ${empty}/done 22 tar --format=ustar --mtime='1970-01-01' -P --transform="s@${empty}@secrets@" -cf $out ${empty}/done
35 ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList dumpOldKey oldkeys)}
36 ${builtins.concatStringsSep "\n" (map dumpKey keys)} 23 ${builtins.concatStringsSep "\n" (map dumpKey keys)}
37 cat mods | while read u g p k; do 24 cat mods | while read u g p k; do
38 tar --format=ustar --mtime='1970-01-01' --owner="$u" --group="$g" --mode="$p" --append -f $out "$k" 25 tar --format=ustar --mtime='1970-01-01' --owner="$u" --group="$g" --mode="$p" --append -f $out "$k"