Undepreacte sopsFile

vdbewout 2023-10-14 12:35:19 +02:00
parent a140a3706d
commit dc74efa509
No known key found for this signature in database
GPG key ID: F4756403592D3E9F


@ -1,17 +1,20 @@
{ config, lib, pkgs, ... }:
{ config, options, lib, pkgs, ... }:
with lib;
let
cfg = config.sops;
opts = options.sops;
users = config.users.users;
sops-install-secrets = cfg.package;
sops-install-secrets-check = cfg.validationPackage;
regularSecrets = lib.filterAttrs (_: v: !v.neededForUsers) cfg.secrets;
secretsForUsers = lib.filterAttrs (_: v: v.neededForUsers) cfg.secrets;
secretType = types.submodule ({ config, ... }: {
secrets = mapAttrs (_: secret: removeAttrs secret ["sopsFile"]) cfg.secrets;
regularSecrets = lib.filterAttrs (_: v: !v.neededForUsers) secrets;
secretsForUsers = lib.filterAttrs (_: v: v.neededForUsers) secrets;
secretType = types.submodule ({ config, options, ... }: {
config = {
sopsFiles = lib.mkOptionDefault cfg.defaultSopsFiles;
sopsFile = mkOptionDefault cfg.defaultSopsFile;
sopsFiles = if options.sopsFile.isDefined then warn "`sops.secrets.<name>.sopsFile` is being deprecated, use `sops.secrets.<name>.sopsFiles` instead" [ config.sopsFile ] else (lib.mkOptionDefault cfg.defaultSopsFiles);
sopsFilesHash = mkOptionDefault (optionals cfg.validateSopsFiles (forEach config.sopsFiles (builtins.hashFile "sha256")));
};
options = {
@ -70,6 +73,13 @@ let
Group of the file.
'';
};
sopsFile = mkOption {
type = types.path;
defaultText = "\${config.sops.defaultSopsFile}";
description = ''
Sops file the secret is loaded from.
'';
};
sopsFiles = mkOption {
type = types.nonEmptyListOf types.path;
defaultText = "\${config.sops.defaultSopsFiles}";
@ -166,6 +176,13 @@ in {
'';
};
defaultSopsFile = mkOption {
type = types.path;
description = ''
Default sops file used for all secrets.
'';
};
defaultSopsFiles = mkOption {
type = types.nonEmptyListOf types.path;
description = ''
@ -318,7 +335,6 @@ in {
./templates
(mkRenamedOptionModule [ "sops" "gnupgHome" ] [ "sops" "gnupg" "home" ])
(mkRenamedOptionModule [ "sops" "sshKeyPaths" ] [ "sops" "gnupg" "sshKeyPaths" ])
(mkRemovedOptionModule [ "sops" "defaultSopsFile" ] ''use `sops.defaultSopsFiles` instead'')
];
config = mkMerge [
(mkIf (cfg.secrets != {}) {
@ -348,6 +364,8 @@ in {
cfg.secrets)
);
warnings = optional opts.defaultSopsFile.isDefined "`sops.defaultSopsFile` is being deprecated, use `sops.defaultSopsFiles` instead";
sops.environment.SOPS_GPG_EXEC = mkIf (cfg.gnupg.home != null) (mkDefault "${pkgs.gnupg}/bin/gpg");
system.activationScripts = {
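Review bot: In the first hunk, `sopsFile = mkOptionDefault cfg.defaultSopsFile;` gives every secret a definition for `sopsFile`, so `options.sopsFile.isDefined` on the next line is likely true for all secrets, not only those that set the deprecated option. If so, the `else` branch never runs, the deprecation warning fires for every secret, and a configuration that sets only `sops.defaultSopsFiles` has its secrets resolved through `cfg.defaultSopsFile`, which the third hunk declares without a default. The `then` branch also assigns `[ config.sopsFile ]` at normal priority, so a secret that sets both options would presumably have the two lists merged, and `sopsFilesHash` would then validate a set of files the user did not intend. Consider testing for an explicit definition instead, e.g. `if options.sopsFile.highestPrio < (mkOptionDefault null).priority then …`, and wrapping the fallback list in `mkDefault` so an explicit `sopsFiles` wins. The `secretType` submodule continues past the end of this hunk.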