UGA-Innovation-Factory/athenix
3
1
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

chore: Run nix fmt
All checks were successful
CI / Format Check (push) Successful in 2s
Details
CI / Flake Check (push) Successful in 1m42s
Details
CI / Evaluate Key Configurations (nix-builder) (push) Successful in 13s
Details
CI / Evaluate Key Configurations (nix-desktop1) (push) Successful in 7s
Details
CI / Evaluate Key Configurations (nix-laptop1) (push) Successful in 8s
Details
CI / Evaluate Artifacts (installer-iso-nix-laptop1) (push) Successful in 22s
Details
CI / Evaluate Artifacts (lxc-nix-builder) (push) Successful in 14s
Details
CI / Build and Publish Documentation (push) Successful in 10s
Details

Browse Source
This commit is contained in:
UGA Innovation Factory
2026-01-30 19:19:38 +00:00
parent 3efba93424
commit 862ae2c864
2 changed files with 37 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
sw/secrets.nix
View File

@@ -24,11 +24,7 @@ let
hostname = config.networking.hostName;
# Read all directories in ./secrets
secretDirs =
if builtins.pathExists secretsPath then
builtins.readDir secretsPath
else
{ };
secretDirs = if builtins.pathExists secretsPath then builtins.readDir secretsPath else { };
# Filter to only directories (excludes files)
isDirectory = name: type: type == "directory";
@@ -46,9 +42,7 @@ let
customConfigs = if hasDefaultNix then import (dirPath + "/default.nix") else { };
# Only include .age files (exclude .pub public keys and other files)
secretFiles = lib.filterAttrs (
name: type: type == "regular" && lib.hasSuffix ".age" name
) files;
secretFiles = lib.filterAttrs (name: type: type == "regular" && lib.hasSuffix ".age" name) files;
in
lib.mapAttrs' (
name: _:
@@ -74,9 +68,7 @@ let
dirPath = secretsPath + "/${dirName}";
files = if builtins.pathExists dirPath then builtins.readDir dirPath else { };
# Only include .pub public key files
pubKeyFiles = lib.filterAttrs (
name: type: type == "regular" && lib.hasSuffix ".pub" name
) files;
pubKeyFiles = lib.filterAttrs (name: type: type == "regular" && lib.hasSuffix ".pub" name) files;
in
lib.mapAttrsToList (
name: _:
@@ -151,7 +143,8 @@ in
};
extraSecrets = mkOption {
type = types.attrsOf (types.submodule {
type = types.attrsOf (
types.submodule {
options = {
file = mkOption {
type = types.path;
@@ -173,7 +166,8 @@ in
description = "Group of the decrypted secret file";
};
};
});
}
);
default = { };
description = ''
Additional secrets to define manually, beyond the auto-discovered ones.
@@ -205,6 +199,8 @@ in
let
hasSecrets = (builtins.length (builtins.attrNames applicableSecrets)) > 0;
in
lib.optional (!hasSecrets) "No age-encrypted secrets found in ./secrets/global/ or ./secrets/${hostname}/";
lib.optional (
!hasSecrets
) "No age-encrypted secrets found in ./secrets/global/ or ./secrets/${hostname}/";
};
}