nixfiles/libs/secrets/module/options.nix
{ ... }:
{ lib, ... }:
# Option declarations for the secrets module: one passphrase-less private PGP
# key, a runtime "vault" directory, and a set of per-secret entries that are
# either decrypted from an encrypted file or generated (token / env file).
# Only the declarations live here; the implementation that reads these
# options is elsewhere in the module and is not visible in this file.
#
# NOTE(review): the forge flagged "ambiguous Unicode characters" in this file.
# Check the string literals and path defaults below for homoglyphs before
# relying on the rendered text.
let
  inherit (lib) mkOption types;

  # Shape of a single entry in `secrets`.  Which fields matter depends on
  # `type` (presumably `encryptedFile` for "decrypt", `variables` for
  # "generateEnvFile", `generator`/`length` for "generateToken"); nothing
  # in this file validates that combination, so the consuming module has to.
  secretType = types.submodule {
    options = {
      # Input for the "decrypt" type.  A path *literal* assigned to a
      # `types.path` option is copied into the world-readable Nix store; that
      # is tolerable only because the file is encrypted, so never point this
      # at plaintext.
      encryptedFile = mkOption {
        type = types.nullOr types.path;
        default = null;
        description = "Path to an encrypted secret to decrypt.";
      };

      # Character-class pattern used when generating a token.  Declared
      # nullable although the default is non-null, so consumers must cope
      # with an explicit `null`.
      generator = mkOption {
        type = types.nullOr types.str;
        default = "[:graph:]";
        description = "Generator pattern of token.";
        example = "[0-9a-f]";
      };

      # Group ownership of the materialised secret file.  Per the
      # description, leaving it unset keeps the file owner-readable only
      # while group ownership falls back to the owner's login group.
      group = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          The group of this secret.
          If not set (default), only the owner can read this secret.
          However, the group is set to the owners login-group.
        '';
        example = "network";
      };

      # Token length in characters (positive).  Nullable like `generator`;
      # what `null` means is decided by the consumer, not here.
      length = mkOption {
        type = types.nullOr types.ints.positive;
        default = 32;
        description = "Length of generated token.";
        example = 64;
      };

      # Owner of the materialised secret file; root unless overridden.
      owner = mkOption {
        type = types.nullOr types.str;
        default = "root";
        description = ''
          The owner of this secret.
        '';
        example = "user";
      };

      # Mandatory (no default): how the secret is produced.
      type = mkOption {
        type = types.enum [ "decrypt" "generateEnvFile" "generateToken" ];
        description = "Type of this secret.";
      };

      # Names of other secrets to bundle into an environment file
      # (for type = "generateEnvFile").
      variables = mkOption {
        type = types.nullOr (types.listOf types.str);
        default = null;
        description = "List of secrets to generate an environment file from.";
      };
    };
  };
in
{
  # The single key that decrypts every `encryptedFile`.  It is a `str`, not a
  # `path`, so a path literal cannot be copied into the world-readable store
  # -- do not change that.  Because the key has no passphrase (see the
  # description), anyone who can read this file can read every secret; it
  # should be root-owned with mode 0600, which nothing in this file enforces.
  key = mkOption {
    type = types.str;
    default = "/var/vault.gpg";
    description = "Private pgp-key without passphrase!";
  };

  # Per-secret configuration, keyed by secret name.
  secrets = mkOption {
    type = types.attrsOf secretType;
    default = {};
    description = "Set of secrets.";
  };

  # Directory the materialised secrets are written to.  The default lives
  # under /run (typically tmpfs), so secrets do not persist across reboots.
  vault = mkOption {
    type = types.str;
    default = "/run/vault";
    example = "/run/secrets";
    description = "Path to the Vault";
  };
}