authorseth <[email protected]>2023-12-10 07:54:17 -0500
committerseth <[email protected]>2023-12-10 07:54:25 -0500
commite8a112be9a0bf067c8acb3a26cfd183c2f57c513 (patch)
treec3b063cc3a8abbeb3e82ca83eb53cc55e86fd569
parentb68737baf9f8ff6cb6f42b3781b995598bc8ba80 (diff)
systems+modules: add secretsDir specialArg
-rw-r--r--modules/nixos/features/tailscale.nix2
-rw-r--r--modules/nixos/server/acme.nix8
-rw-r--r--modules/nixos/server/secrets.nix8
-rw-r--r--modules/nixos/services/cloudflared.nix3
-rw-r--r--modules/nixos/services/hercules.nix8
-rw-r--r--systems/atlas/attic.nix15
-rw-r--r--systems/atlas/default.nix3
-rw-r--r--systems/atlas/miniflux.nix9
-rw-r--r--systems/common.nix10
-rw-r--r--systems/default.nix5
10 files changed, 41 insertions, 30 deletions
diff --git a/modules/nixos/features/tailscale.nix b/modules/nixos/features/tailscale.nix
index d29f1e6..59dabf1 100644
--- a/modules/nixos/features/tailscale.nix
+++ b/modules/nixos/features/tailscale.nix
@@ -2,10 +2,10 @@
config,
lib,
pkgs,
+ secretsDir,
...
}: let
cfg = config.features.tailscale;
- secretsDir = ../../../secrets/${config.networking.hostName};
in {
options.features.tailscale = {
enable = lib.mkEnableOption "enable support for tailscale";
diff --git a/modules/nixos/server/acme.nix b/modules/nixos/server/acme.nix
index e8f0b78..edb499c 100644
--- a/modules/nixos/server/acme.nix
+++ b/modules/nixos/server/acme.nix
@@ -1,6 +1,10 @@
-{config, ...}: {
+{
+ config,
+ secretsDir,
+ ...
+}: {
age.secrets = {
- cloudflareApiKey.file = ../../../secrets/${config.networking.hostName}/cloudflareApiKey.age;
+ cloudflareApiKey.file = secretsDir + "/cloudflareApiKey.age";
};
security.acme = {
diff --git a/modules/nixos/server/secrets.nix b/modules/nixos/server/secrets.nix
index be323df..1d572bd 100644
--- a/modules/nixos/server/secrets.nix
+++ b/modules/nixos/server/secrets.nix
@@ -1,12 +1,10 @@
-{config, ...}: let
- baseDir = ../../../secrets/${config.networking.hostName};
-in {
+{secretsDir, ...}: {
age = {
identityPaths = ["/etc/age/key"];
secrets = {
- rootPassword.file = "${baseDir}/rootPassword.age";
- userPassword.file = "${baseDir}/userPassword.age";
+ rootPassword.file = secretsDir + "/rootPassword.age";
+ userPassword.file = secretsDir + "/userPassword.age";
};
};
}
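Review bot: This module and the inline module in systems/common.nix (same commit) both set `age.identityPaths = ["/etc/age/key"]` and both define `rootPassword.file = secretsDir + "/rootPassword.age"`; whether any host imports both is not visible here, but if one does, the duplicate definitions should only merge because the values happen to be identical, and they will drift the first time one copy is edited. Keeping the identity path and the root password secret in exactly one of the two modules would remove that hazard. A short header comment stating which module is authoritative for host-wide secrets, e.g. `# Host-wide secrets (root/user passwords); per-service secrets live next to their service module.`, would also help the next reader.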
diff --git a/modules/nixos/services/cloudflared.nix b/modules/nixos/services/cloudflared.nix
index 30aa36b..39ecef7 100644
--- a/modules/nixos/services/cloudflared.nix
+++ b/modules/nixos/services/cloudflared.nix
@@ -1,6 +1,7 @@
{
config,
lib,
+ secretsDir,
...
}: let
cfg = config.server.services.cloudflared;
@@ -12,7 +13,7 @@ in {
config = mkIf cfg.enable {
age.secrets.cloudflaredCreds = {
- file = ../../../secrets/${config.networking.hostName}/cloudflaredCreds.age;
+ file = secretsDir + "/cloudflaredCreds.age";
mode = "400";
owner = "cloudflared";
group = "cloudflared";
diff --git a/modules/nixos/services/hercules.nix b/modules/nixos/services/hercules.nix
index 0060c08..c394da0 100644
--- a/modules/nixos/services/hercules.nix
+++ b/modules/nixos/services/hercules.nix
@@ -2,12 +2,12 @@
config,
lib,
unstable,
+ secretsDir,
...
}: let
cfg = config.server.services.hercules-ci;
inherit (lib) mkEnableOption mkIf;
- baseDir = ../../../secrets/${config.networking.hostName};
hercArgs = {
mode = "400";
owner = "hercules-ci-agent";
@@ -23,19 +23,19 @@ in {
age.secrets = mkIf cfg.secrets.enable {
binaryCache =
{
- file = "${baseDir}/binaryCache.age";
+ file = secretsDir + "/binaryCache.age";
}
// hercArgs;
clusterToken =
{
- file = "${baseDir}/clusterToken.age";
+ file = secretsDir + "/clusterToken.age";
}
// hercArgs;
secretsJson =
{
- file = "${baseDir}/secretsJson.age";
+ file = secretsDir + "/secretsJson.age";
}
// hercArgs;
};
diff --git a/systems/atlas/attic.nix b/systems/atlas/attic.nix
index d6e15eb..fe4e67c 100644
--- a/systems/atlas/attic.nix
+++ b/systems/atlas/attic.nix
@@ -1,8 +1,9 @@
-{config, ...}: let
- kb = 1024;
-in {
- age.secrets.atticCreds.file =
- ../../secrets/${config.networking.hostName}/atticCreds.age;
+{
+ config,
+ secretsDir,
+ ...
+}: {
+ age.secrets.atticCreds.file = secretsDir + "/atticCreds.age";
services.atticd = {
enable = true;
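Review bot: `atticCreds` is declared on the new side without `mode` or `owner`, unlike the cloudflared and hercules secrets in this same commit, which pin `mode = "400"` and a service owner. That is fine if atticd receives the decrypted file through systemd credentials (read as root), but if `services.atticd` is pointed at the decrypted path and runs as its own user it will not be able to read a root-only file; how the secret is consumed is not visible in this hunk. Either add `owner`/`mode` as cloudflared.nix does, or, if root-only is intentional, say so on the line: `# root-only by default; atticd reads it via systemd credentials`. The `services.atticd` block continues past the end of the hunk.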
@@ -14,7 +15,9 @@ in {
compression.type = "zstd";
- chunking = {
+ chunking = let
+ kb = 1024;
+ in {
nar-size-threshold = 64 * kb;
min-size = 16 * kb;
avg-size = 64 * kb;
diff --git a/systems/atlas/default.nix b/systems/atlas/default.nix
index 247e134..7b0955a 100644
--- a/systems/atlas/default.nix
+++ b/systems/atlas/default.nix
@@ -1,6 +1,7 @@
{
config,
pkgs,
+ secretsDir,
...
}: {
imports = [
@@ -18,7 +19,7 @@
hermetic = false;
};
- age.secrets.teawiebot.file = ../../secrets/atlas/teawieBot.age;
+ age.secrets.teawiebot.file = secretsDir + "/teawieBot.age";
boot = {
loader.systemd-boot.enable = true;
diff --git a/systems/atlas/miniflux.nix b/systems/atlas/miniflux.nix
index d25b588..73ed2c6 100644
--- a/systems/atlas/miniflux.nix
+++ b/systems/atlas/miniflux.nix
@@ -1,6 +1,9 @@
-{config, ...}: {
- age.secrets .miniflux.file =
- ../../secrets/${config.networking.hostName}/miniflux.age;
+{
+ config,
+ secretsDir,
+ ...
+}: {
+ age.secrets .miniflux.file = secretsDir + "/miniflux.age";
services.miniflux = {
enable = true;
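Review bot: `age.secrets .miniflux.file` keeps a stray space inside the attribute path on the new line; Nix parses it, but it reads like a typo and a formatter will rewrite it, so the line should be `age.secrets.miniflux.file = secretsDir + "/miniflux.age";`. The `services.miniflux` block continues past the end of the hunk.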
diff --git a/systems/common.nix b/systems/common.nix
index 77d04c0..b4dc782 100644
--- a/systems/common.nix
+++ b/systems/common.nix
@@ -26,14 +26,12 @@ in {
hmSetup
- ({config, ...}: {
+ ({secretsDir, ...}: {
age = {
identityPaths = ["/etc/age/key"];
- secrets = let
- baseDir = ../secrets/${config.networking.hostName};
- in {
- rootPassword.file = "${baseDir}/rootPassword.age";
- sethPassword.file = "${baseDir}/sethPassword.age";
+ secrets = {
+ rootPassword.file = secretsDir + "/rootPassword.age";
+ sethPassword.file = secretsDir + "/sethPassword.age";
};
};
diff --git a/systems/default.nix b/systems/default.nix
index e44b096..2f8c277 100644
--- a/systems/default.nix
+++ b/systems/default.nix
@@ -14,7 +14,10 @@
(builtins.removeAttrs args ["builder"])
// {
modules = args.modules ++ [./${name}];
- specialArgs = {inherit inputs self;};
+ specialArgs = {
+ inherit inputs self;
+ secretsDir = ../secrets/${name};
+ };
}
);
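Review bot: `secretsDir = ../secrets/${name};` is a Nix path and nothing here records how it is meant to be consumed; the distinction matters because `secretsDir + "/x.age"` imports only that one file into the store, whereas `"${secretsDir}/x.age"` (the form the old hercules.nix used) copies the entire secrets/<name> directory — including any non-.age file someone leaves beside the ciphertexts — into the world-readable /nix/store. A comment on the new line would pin that down: `# Per-host agenix ciphertexts. Use path concatenation (secretsDir + "/foo.age"), never string interpolation, so only the referenced file is copied into the store.` Note also that the directory is now keyed on the system name rather than `config.networking.hostName` as before, so a host whose hostName differs from its directory name changes behaviour, and every module that takes `secretsDir` can now only be evaluated through this builder because the value comes from `specialArgs`. The enclosing builder function starts before the hunk.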