# Module that adds an `argon2id` secret generator and, when present, registers
# the node-local encrypted secrets file.
{ config, lib, ... }:
{
  # Generator: emit an encoded argon2id hash of the first dependency's
  # decrypted content.
  #
  # - Only `builtins.head deps` is used; further dependencies are ignored, and
  #   an empty `deps` list fails at evaluation time.
  # - The plaintext reaches argon2 on stdin (after newlines are stripped), so it
  #   is not placed on a command line. The salt is passed as an argument; it is
  #   freshly drawn from `openssl rand` on every run, so regenerating produces a
  #   different hash each time.
  # - No cost flags (-t/-m/-p) are given, so the argon2 CLI's built-in defaults
  #   apply. NOTE(review): those defaults are believed to be low (t=3,
  #   m=2^12 KiB, p=1) — confirm they meet the policy of whatever verifies
  #   these hashes.
  # - `|| die` is attached to the pipeline as a whole, so without `pipefail`
  #   only argon2's exit status is checked. Whether a failing decrypt step is
  #   caught depends on shell options set by the caller, which are not visible
  #   here. `die` is not defined in this file; presumably the surrounding
  #   script provides it — TODO confirm.
  # - NOTE(review): the `[32m` / `[33m` / `[m` fragments in the echo look like
  #   colour sequences; no ESC byte is visible in this listing — verify against
  #   the original file.
  age.generators.argon2id =
    {
      deps,
      decrypt,
      lib,
      pkgs,
      ...
    }:
    let
      source = builtins.head deps;
    in
    ''
      echo " -> Deriving argon2id hash from [32m"${lib.escapeShellArg source.host}":[m[33m"${lib.escapeShellArg source.name}"[m" >&2
      ${decrypt} ${lib.escapeShellArg source.file} \
      | tr -d '\n' \
      | ${pkgs.libargon2}/bin/argon2 "$(${pkgs.openssl}/bin/openssl rand -base64 16)" -id -e \
      || die "Failure while generating argon2id hash"
    '';

  # Register <secretsDir>/secrets.nix.age under the key `local`, but only when
  # the node has a name and the file exists at evaluation time; otherwise the
  # attribute set is empty.
  secrets.secretFiles =
    let
      nodeSecrets = config.node.secretsDir + "/secrets.nix.age";
      available = config.node.name != null && lib.pathExists nodeSecrets;
    in
    lib.optionalAttrs available { local = nodeSecrets; };
}