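{
  config,
  lib,
  namespace,
  ...
}:
let
  # Import only what is used instead of `with lib;`, so it is obvious where
  # `mkIf` comes from and no lib name can shadow a local binding.
  inherit (lib) mkIf;

  cfg = config.${namespace}.services.nebula;
  sopsFile = cfg.secretsFile;

  # Service account and unit the decrypted files are handed to. These follow
  # the `nebula-<netName>` / `nebula@<netName>.service` naming of the NixOS
  # nebula module — confirm against the enabled `services.nebula.networks`.
  nebulaUser = "nebula-${cfg.networkName}";
  nebulaUnit = "nebula@${cfg.networkName}.service";

  # Settings shared by every nebula secret:
  #  - decrypted from the configured SOPS file,
  #  - owned and group-owned by the nebula service account,
  #  - mode 0400: readable by the owner only (sops-nix's default, spelled out
  #    so the host key is never widened by accident),
  #  - the nebula unit is restarted when the decrypted content changes, e.g.
  #    after a certificate or key rotation.
  secretCommon = {
    inherit sopsFile;
    owner = nebulaUser;
    group = nebulaUser;
    mode = "0400";
    restartUnits = [ nebulaUnit ];
  };
in
{
  config = mkIf cfg.enable {
    # Fail evaluation early with a message that names the real option path
    # (the module lives under `${namespace}`), rather than producing secrets
    # with empty path components.
    assertions = [
      {
        assertion = cfg.secretsPrefix != "";
        message = "${namespace}.services.nebula.secretsPrefix must be set (e.g. \"pi5/nebula\")";
      }
      {
        assertion = cfg.secretsFile != "";
        message = "${namespace}.services.nebula.secretsFile must be set to the path of the SOPS secrets YAML";
      }
      {
        assertion = cfg.hostSecretName != "";
        message = "${namespace}.services.nebula.hostSecretName must be set (the per-host cert/key name inside the SOPS file)";
      }
    ];

    # Secret names double as the key path inside the SOPS YAML and the path
    # under the sops-nix secrets directory, so the prefix is part of the name.
    sops.secrets = {
      "${cfg.secretsPrefix}/ca-cert" = secretCommon;
      "${cfg.secretsPrefix}/${cfg.hostSecretName}-cert" = secretCommon;
      "${cfg.secretsPrefix}/${cfg.hostSecretName}-key" = secretCommon;
    };
  };
}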