/*
A module to import into flakes based on flake-parts.
Makes integration into a flake easy and tidy.
See https://flake.parts, https://flake.parts/options/agenix-rekey
*/
# Declares two things: a read-only `flake.agenix-rekey` output holding the
# agenix-rekey apps for every system, and the per-system `agenix-rekey.*`
# options that configure those apps and the `agenix` wrapper package.
{
  lib,
  # The user's flake. It is handed to every app as `userFlake` and supplies the
  # default for `agenix-rekey.nixosConfigurations`.
  self,
  # Top-level flake-parts config; only `config.allSystems` is read from it here.
  config,
  flake-parts-lib,
  ...
}:
let
  inherit (lib)
    mkOption
    mkPackageOption
    types
    ;
  # App names. Each name is resolved to ./apps/<name>.nix below, and the same
  # list is passed to ./nix/package.nix when the wrapper is built.
  allApps = [
    "edit"
    "generate"
    "rekey"
    "update-masterkeys"
  ];
in
{
  options = {
    flake = flake-parts-lib.mkSubmoduleOptions {
      agenix-rekey = mkOption {
        # Two levels of attributes: system (the keys of config.allSystems),
        # then app name (the entries of allApps), each holding a package.
        type = types.lazyAttrsOf (types.lazyAttrsOf types.package);
        default = lib.mapAttrs (
          # config' is the value stored under each system in config.allSystems;
          # the system name itself is not used.
          _system: config':
          lib.genAttrs allApps (
            app:
            import ./apps/${app}.nix {
              # Node selection receives the three per-system selection options
              # and the `lib` of the configured package set (not this module's
              # `lib` argument).
              nodes = import ./nix/select-nodes.nix {
                inherit (config'.agenix-rekey)
                  nixosConfigurations
                  homeConfigurations
                  collectHomeManagerConfigurations
                  ;
                inherit (config'.agenix-rekey.pkgs) lib;
              };
              inherit (config'.agenix-rekey) pkgs;
              # Passed as a function that ignores its argument and always
              # returns the configured package.
              # NOTE(review): presumably the apps call this with a package set;
              # confirm against ./apps.
              agePackage = _: config'.agenix-rekey.agePackage;
              # Every app receives the whole user flake.
              userFlake = self;
            }
          )
        ) config.allSystems;
        defaultText = "Automatically filled by agenix-rekey";
        # readOnly plus a default: the module system rejects any additional
        # definition, so the apps cannot be replaced through this option.
        readOnly = true;
        description = ''
          The agenix-rekey apps specific to your flake. Used by the `agenix` wrapper script,
          and can be run manually using `nix run .#agenix-rekey.$system.<app>`.
        '';
      };
    };
    perSystem = flake-parts-lib.mkPerSystemOption (
      {
        config,
        lib,
        pkgs,
        ...
      }:
      {
        imports = [
          # Maps definitions of the old option path `agenix-rekey.nodes` onto
          # `agenix-rekey.nixosConfigurations`.
          (lib.mkRenamedOptionModule
            [
              "agenix-rekey"
              "nodes"
            ]
            [
              "agenix-rekey"
              "nixosConfigurations"
            ]
          )
        ];
        options.agenix-rekey = {
          # The hosts considered for rekeying. Defaults to every NixOS
          # configuration the flake exports.
          # NOTE(review): `types.unspecified` means the entries are not
          # validated here; they go to ./nix/select-nodes.nix as given.
          # Presumably every selected host ends up able to decrypt its rekeyed
          # secrets, so narrow this set if the flake also exports hosts that
          # should not receive any; confirm against the rekey app.
          nixosConfigurations = mkOption {
            type = types.lazyAttrsOf types.unspecified;
            description = "All nixosSystems that should be considered for rekeying.";
            default = self.nixosConfigurations;
            defaultText = lib.literalExpression "self.nixosConfigurations";
          };
          # Empty by default, so home manager configurations are only included
          # when listed here (or collected by the option below).
          homeConfigurations = mkOption {
            type = types.lazyAttrsOf types.unspecified;
            description = "All home manager configurations that should be considered for rekeying.";
            default = { };
            # XXX: in case home-manager gets flake-parts integration:
            # default = self.homeConfigurations;
            # defaultText = lib.literalExpression "self.homeConfigurations";
          };
          # Enabled by default: per the description, home manager configurations
          # are picked up from the selected NixOS configurations without being
          # listed. Set to false when the rekeying scope should be explicit.
          collectHomeManagerConfigurations = mkOption {
            type = types.bool;
            description = "Whether to collect home manager configurations automatically from specified NixOS configurations.";
            default = true;
          };
          # Package set behind everything below: the apps receive it, the
          # wrapper is built with its callPackage, and agePackage defaults to
          # its `rage`. The option is untyped (`types.unspecified`), so a
          # replacement is accepted without checks; prefer a pinned nixpkgs.
          pkgs = mkOption {
            type = types.unspecified;
            description = "The package set to use when defining agenix-rekey scripts.";
            default = pkgs;
            defaultText = lib.literalExpression "pkgs # (module argument)";
          };
          # The age implementation used for encrypting and decrypting, taken
          # from the configured package set. An override is the program that
          # handles the secrets, so it should be a reviewed, pinned package;
          # compatibility is only promised for `age` and `rage`.
          agePackage = mkPackageOption config.agenix-rekey.pkgs "rage" {
            extraDescription = ''
              Determines the age package used for encrypting / decrypting.
              Defaults to `pkgs.rage`. We only guarantee compatibility with
              `pkgs.age` and `pkgs.rage`.
            '';
          };
          # The `agenix` wrapper, built from ./nix/package.nix with the
          # configured package set. Read-only, so it cannot be redefined
          # through the module system.
          package = mkOption {
            type = types.package;
            default = config.agenix-rekey.pkgs.callPackage ./nix/package.nix {
              inherit allApps;
            };
            defaultText = "<agenix script derivation from agenix-rekey>";
            readOnly = true;
            description = ''
              The agenix-rekey wrapper script `agenix`.
              We recommend adding this to your devshell so you can execute it easily.
              By using the package provided here, you can skip adding the overlay to your pkgs.
              Alternatively you can also pass it to your flake outputs (apps or packages).
            '';
          };
        };
      }
    );
  };
}