From edcc3acea595d3045253c3c2fe2462599c1c54e0 Mon Sep 17 00:00:00 2001
From: Linnnus
Date: Thu, 7 Sep 2023 16:53:41 +0200
Subject: Reorganize everything
---
lib/default.nix | 8 +++++
lib/secrets.nix | 92 -------------------------------------------------
lib/secrets/default.nix | 90 +++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 98 insertions(+), 92 deletions(-)
create mode 100644 lib/default.nix
delete mode 100644 lib/secrets.nix
create mode 100644 lib/secrets/default.nix
(limited to 'lib')
diff --git a/lib/default.nix b/lib/default.nix
new file mode 100644
index 0000000..d896ce2
--- /dev/null
+++ b/lib/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ imports =
+ [
+ ./secrets
+ ];
+}
diff --git a/lib/secrets.nix b/lib/secrets.nix
deleted file mode 100644
index 401d4a5..0000000
--- a/lib/secrets.nix
+++ /dev/null
@@ -1,92 +0,0 @@ -{ pkgs, config, lib, ... }: - -with lib; - -let - cfg = config.my.secrets; - - secret = types.submodule { - options = { - source = mkOption { - type = types.path; - description = "local secret path"; - }; - - dest = mkOption { - type = types.str; - description = "where to write the decrypted secret to"; - }; - - owner = mkOption { - default = "root"; - type = types.str; - description = "who should own the secret"; - }; - - group = mkOption { - default = "root"; - type = types.str; - description = "what group should own the secret"; - }; - - permissions = mkOption { - default = "0400"; - type = types.str; - description = "Permissions expressed as octal."; - }; - }; - }; - - metadata = lib.importTOML ./metadata.toml; - - mkSecretOnDisk = name: - { source, ... }: - pkgs.stdenv.mkDerivation { - name = "${name}-secret"; - phases = "installPhase"; - buildInputs = [ pkgs.rage ]; - installPhase = - let - key = metadata.hosts."${config.networking.hostName}".sshPubKey; - in - '' - rage -a -r '${key}' -o "$out" '${source}' - ''; - }; - - mkService = name: - { source, dest, owner, group, permissions, ... }: { - description = "decrypt secret for ${name}"; - wantedBy = [ "multi-user.target" ]; - - serviceConfig.Type = "oneshot"; - - script = with pkgs; '' - rm -rf ${dest} - "${rage}"/bin/rage -d -i /etc/ssh/ssh_host_ed25519_key -o '${dest}' '${ - mkSecretOnDisk name { inherit source; } - }' - - chown '${owner}':'${group}' '${dest}' - chmod '${permissions}' '${dest}' - ''; - }; -in -{ - options.my.secrets = mkOption { - type = types.attrsOf secret; - description = "secret configuration"; - default = { }; - }; - - config.systemd.services = - let - units = mapAttrs' - (name: info: { - name = "${name}-key"; - value = (mkService name info); - }) - cfg; - in - units; -} diff --git a/lib/secrets/default.nix b/lib/secrets/default.nix new file mode 100644 index 0000000..9592052 --- /dev/null +++ b/lib/secrets/default.nix 
@@ -0,0 +1,90 @@
+{ pkgs, config, lib, metadata, ... }:
+
+with lib;
+
+let
+ cfg = config.my.secrets;
+
+ secret = types.submodule {
+ options = {
+ source = mkOption {
+ type = types.path;
+ description = "local secret path";
+ };
+
+ dest = mkOption {
+ type = types.str;
+ description = "where to write the decrypted secret to";
+ };
+
+ owner = mkOption {
+ default = "root";
+ type = types.str;
+ description = "who should own the secret";
+ };
+
+ group = mkOption {
+ default = "root";
+ type = types.str;
+ description = "what group should own the secret";
+ };
+
+ permissions = mkOption {
+ default = "0400";
+ type = types.str;
+ description = "Permissions expressed as octal.";
+ };
+ };
+ };
+
+ mkSecretOnDisk = name:
+ { source, ... }:
+ pkgs.stdenv.mkDerivation {
+ name = "${name}-secret";
+ phases = "installPhase";
+ buildInputs = [ pkgs.rage ];
+ installPhase =
+ let
+ key = metadata.hosts."${config.networking.hostName}".sshPubKey;
+ in
+ ''
+ rage -a -r '${key}' -o "$out" '${source}'
+ '';
+ };
+
+ mkService = name:
+ { source, dest, owner, group, permissions, ... }: {
+ description = "decrypt secret for ${name}";
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig.Type = "oneshot";
+
+ script = with pkgs; ''
+ rm -rf ${dest}
+ "${rage}"/bin/rage -d -i /etc/ssh/ssh_host_ed25519_key -o '${dest}' '${
+ mkSecretOnDisk name { inherit source; }
+ }'
+
+ chown '${owner}':'${group}' '${dest}'
+ chmod '${permissions}' '${dest}'
+ '';
+ };
+in
+{
+ options.my.secrets = mkOption {
+ type = types.attrsOf secret;
+ description = "secret configuration";
+ default = { };
+ };
+
+ config.systemd.services =
+ let
+ units = mapAttrs'
+ (name: info: {
+ name = "${name}-key";
+ value = (mkService name info);
+ })
+ cfg;
+ in
+ units;
+}
-- cgit v1.2.3
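Review bot: In `mkService`'s script the plaintext is written by `rage -d -o '${dest}'` before the `chown`/`chmod` lines run, so until `chmod '${permissions}'` completes the file carries whatever mode the unit's default umask gives it rather than the requested `0400`; putting `umask 077` as the first line of the script closes that window. The `rm -rf ${dest}` line is also the one place `dest` is left unquoted, while the rage, chown and chmod lines all use `'${dest}'`, so a path containing whitespace or glob characters is treated differently there — `rm -rf '${dest}'` keeps it consistent. Less certain from this hunk alone: `source` is declared as `types.path` and interpolated straight into the `installPhase` of `mkSecretOnDisk`, and for a Nix path literal that interpolation copies the unencrypted file into the world-readable Nix store before rage encrypts it. That constraint on what callers may pass as `source` should be confirmed and stated in the option's `description`.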