
Commit 93bbd97

committed
wip
1 parent bc32ae5 commit 93bbd97


1 file changed

+19
-1
lines changed

1 file changed

+19
-1
lines changed

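--- a/packages/secret/default.nix
+++ b/packages/secret/default.nix
@@ -11,6 +11,7 @@ in
 #!/usr/bin/env bash
 set -euo pipefail
 
+machine-folder="./."
 machine=""
 service=""
 secret=""
@@ -22,6 +23,9 @@ in
 --machine=*)
 machine="''${1#*=}"
 ;;
+--machine-folder=*)
+machine-folder="''${1#*=}"
+;;
 --service=*)
 service="''${1#*=}"
 ;;
@@ -43,6 +47,8 @@ in
 you are using agenix. Secret must be used with mcl-secrets and mcl-host-info\n\
 modules from nixos-modules repository to work properly.\n\n\
 OPTIONS\n\
+--machine-folder - The machine folder. Specifying this will save the secret\n\
+directly to the /machine-folder/machine/secrets/service/, if it exists.\n\
 --machine - Machine for which you want to create a secret.\n\
 --service - Service for which you want to create a secret.\n\
 --secret - Secret you want to encrypt.\n\
@@ -57,16 +63,28 @@ in
 shift
 done
 
+
+
 if [[ -z "$machine" || -z "$service" || -z "$secret" ]]; then
 echo "You must specify machine, service, and secret"
 exit 1
 fi
 
+if [ "$machine-folder != "./." ]; then
+secrets-folder="$machine-folder/$machine/secrets/$service"
+if [ ! -d "$secrets-folder" ]; then
+echo "$secrets-folder doesn\'t exist. Create it or go directly into the folder and don\'t specify the machine-folder option.";
+exit 1
+fi
+else
+secrets-folder="./."
+fi
+
 if [ "$vm" = "true" ]; then
 RULES="$(nix eval --raw ".#nixosConfigurations.$machine-vm.config.virtualisation.vmVariant.mcl.secrets.services.$service.nix-file")"
 else
 RULES="$(nix eval --raw ".#nixosConfigurations.$machine.config.mcl.secrets.services.$service.nix-file")"
 fi
-"${agenix}/bin/agenix" -e "$secret.age"
+"${agenix}/bin/agenix" -e "$secrets-folder/$secret.age"
 '';
 }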
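Review bot: `machine-folder` and `secrets-folder` are not valid shell variable names, so the added `machine-folder="./."` is run as a command and fails under `set -e`, while `"$machine-folder"` and `"$secrets-folder"` expand `$machine` / `$secrets` followed by literal text (the latter is unset and trips `set -u`). The test `[ "$machine-folder != "./." ]` is also missing the closing quote after the variable, which leaves the quoting unbalanced for the rest of the script. Rename both to `machine_folder` / `secrets_folder` and close the quote, as in the excerpt below; the `\'` in the error message prints a literal backslash inside double quotes, so a plain apostrophe is used there. Since the value ends up as the path handed to `agenix -e`, it is also worth confirming that the prefixed path (`././name.age` in the default case) still matches the key agenix looks up in the rules file. The script starts before the first hunk, so the option loop and usage text are only partly visible.

```nix
machine_folder="./."
# … unchanged: machine/service/secret defaults and the other option cases …
--machine-folder=*)
  machine_folder="''${1#*=}"
  ;;
# … unchanged: usage text and required-argument check …
if [ "$machine_folder" != "./." ]; then
  secrets_folder="$machine_folder/$machine/secrets/$service"
  if [ ! -d "$secrets_folder" ]; then
    echo "$secrets_folder doesn't exist. Create it or go directly into the folder and don't specify the machine-folder option."
    exit 1
  fi
else
  secrets_folder="./."
fi
# … unchanged: RULES evaluation for the vm and non-vm cases …
"${agenix}/bin/agenix" -e "$secrets_folder/$secret.age"
```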
