- a module to fetch them with http(s) - a service using templating to consume them - update an example to use it needs service restarts needs other services to use the template mechanism needs tidying up
## Secrets
## various ways to manage secrets without writing them to the
## nix store
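# Declares the `system.service.secrets.outboard` service definition and the
# parameters it accepts. The implementation is in ./outboard.nix, which is not
# part of this file; everything said below about how the parameters are used
# is limited to what the option declarations themselves show.
{ lib, pkgs, config, ... }:
let
  inherit (lib) mkOption types;
  inherit (pkgs) liminix;
  # The unused `longrun` binding from pkgs.liminix.services was dropped;
  # nothing in this file referenced it.
in {
  options.system.service.secrets = {
    outboard = mkOption {
      description = "fetch secrets from external vault with https";
      type = liminix.lib.types.serviceDefn;
    };
  };

  config.system.service.secrets = {
    outboard = config.system.callService ./outboard.nix {
      # The pattern admits plain `http://` as well as `https://`. Over plain
      # http the fetched secret crosses the network unencrypted and the server
      # is not authenticated, so anyone on the path can read or substitute it.
      # The scheme is left permissive for existing configurations; tightening
      # the pattern to "https://.*" is the stricter option if no caller
      # depends on http.
      # NOTE(review): this value is a Nix option, so it ends up in the
      # evaluated configuration; do not embed credentials in the URL itself.
      url = mkOption {
        description = "source url (http:// is accepted, but use https:// so secrets are not sent in cleartext)";
        type = types.strMatching "https?://.*";
      };

      name = mkOption {
        description = "service name";
        type = types.str;
      };

      # `types.int` does not reject zero or negative values; whether
      # ./outboard.nix validates the interval is not visible from here.
      interval = mkOption {
        type = types.int;
        default = 30;
        description = "how often to check the source, in minutes";
      };
    };
  };
}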