dan
/
liminix
1
0
Fork 5
Code Issues 2 Pull Requests 1 Projects Releases Wiki Activity
liminix/modules/secrets/default.nix

37 lines
887 B
Nix
Raw Normal View History

first pass at outboard secrets - a module to fetch them with http(s) - a service using templating to consume them - update an example to use it needs service restarts needs other services to use the template mechanism needs tidying up
2024-08-12 21:57:21 +00:00
## Secrets
## various ways to manage secrets without writing them to the
## nix store
{ lib, pkgs, config, ...}:
let
inherit (lib) mkOption types;
inherit (pkgs) liminix;
inherit (pkgs.liminix.services) longrun;
in {
options.system.service.secrets = {
outboard = mkOption {
description = "fetch secrets from external vault with https";
type = liminix.lib.types.serviceDefn;
};
};
config.system.service.secrets = {
outboard = config.system.callService ./outboard.nix {
url = mkOption {
description = "source url";
type = types.strMatching "https?://.*";
};
name = mkOption {
description = "service name";
type = types.str;
};
interval = mkOption {
type = types.int;
default = 30;
description = "how often to check the source, in minutes";
};
};
};
}