# Helpers that build per-secret attribute sets with `format = "binary"`.
# The attribute names (sopsFile, format, owner, group, path) match the
# sops-nix per-secret options; presumably each result is assigned under
# `sops.secrets.<name>` — confirm against the callers.
{lib}: let
  local = import ./local.nix;

  # Keep only the attributes that were actually supplied (non-null), so the
  # consuming module's own defaults apply to everything left out.
  dropNulls = lib.filterAttrs (_: value: value != null);
in rec {
  # Base constructor.
  #   name     - only used to derive the default `path`; not part of the result
  #   sopsFile - encrypted source file, passed through unchanged
  #   owner    - optional; omitted from the result when null
  #   group    - optional; omitted from the result when null
  #   path     - where the secret is placed; defaults to `local.secretPath name`
  #
  # NOTE(review): no `mode` is emitted. If the consumer is sops-nix, its default
  # mode is owner-read-only, so setting `group` alone would not give group
  # members read access — confirm that this is the intended least-privilege
  # behaviour for every caller.
  mkBinarySecret = {
    name,
    sopsFile,
    owner ? null,
    group ? null,
    path ? local.secretPath name,
  }:
    {
      format = "binary";
      inherit sopsFile path;
    }
    // dropNulls {inherit owner group;};

  # Secret owned by the local user (`local.user.name`) unless `owner` is
  # overridden. No group is passed, so the result never carries a `group`.
  mkUserBinarySecret = {
    name,
    sopsFile,
    owner ? local.user.name,
    path ? local.secretPath name,
  }:
    mkBinarySecret {
      inherit name sopsFile path owner;
    };

  # Secret owned by a service account. `serviceGroup` falls back to
  # `serviceUser`, so both `owner` and `group` are always set in the result.
  mkServiceBinarySecret = {
    name,
    sopsFile,
    serviceUser,
    serviceGroup ? serviceUser,
    path ? local.secretPath name,
  }:
    mkBinarySecret {
      owner = serviceUser;
      group = serviceGroup;
      inherit name sopsFile path;
    };
}