yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

add option to set defaultGroups for secrets

Browse Source
This commit is contained in:
Jörg Thalheim
2024-02-16 17:03:14 +01:00
parent 052f040017
commit 023b9f4257
13 changed files with 84 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
nixosModules/clanCore/secrets/sops.nix
View File

@@ -22,6 +22,14 @@ let
secrets = filterDir containsMachineOrGroups secretsDir;
in
{
options = {
clanCore.sops.defaultGroups = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
example = [ "admins" ];
description = "The default groups to for encryption use when no groups are specified.";
};
};
config = lib.mkIf (config.clanCore.secretStore == "sops") {
clanCore.secretsDirectory = "/run/secrets";
clanCore.secretsPrefix = config.clanCore.machineName + "-";