Fix broken secret symlinks on not-non-nixos systems
rake5k committed Oct 17, 2023
1 parent 66b29b2 commit 1e731fa
Showing 4 changed files with 14 additions and 17 deletions.
1 change: 0 additions & 1 deletion home/programs/logseq/default.nix
Expand Up @@ -25,7 +25,6 @@ in
enable = true;
identities = [ sshKey sshPubKey ];
};
roles.homeage.secrets = [ sshKey sshPubKey ];
};

home.packages = [ pkgs.logseq ];
18 changes: 7 additions & 11 deletions home/programs/ssh/default.nix
Expand Up @@ -6,15 +6,10 @@ let

cfg = config.custom.programs.ssh;

inherit (config.custom.roles.homeage) secretsPath;
sshDirectory = ".ssh";
mkFileEntry = identity: {
name = "${sshDirectory}/${identity}";
value = {
# Using `mkOutOfStoreSymlink` as a workaround for files not being created on activation:
# https://github.com/jordanisaacs/homeage/issues/42
source = config.lib.file.mkOutOfStoreSymlink "${secretsPath}/${identity}";
};
sshDirectory = "${config.xdg.dataHome}/.ssh";
mkHomeageFile = identity: nameValuePair identity {
source = "${config.custom.roles.homeage.secretsSourcePath}/${identity}.age";
symlinks = [ "${sshDirectory}/${identity}" ];
};

in
Expand All @@ -33,8 +28,9 @@ in
};

config = mkIf cfg.enable {
custom.roles.homeage.secrets = cfg.identities;
home.file = listToAttrs (map mkFileEntry cfg.identities);
custom.roles.homeage.enable = true;

homeage.file = listToAttrs (map mkHomeageFile cfg.identities);
programs.ssh.enable = true;
};
}
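Review bot: `sshDirectory` now resolves to `${config.xdg.dataHome}/.ssh`, so the decrypted identities are symlinked under the XDG data directory rather than `~/.ssh`, where OpenSSH looks for keys by default. Nothing visible in this section points an `IdentityFile` at the new location, so unless that is configured outside these hunks the keys may not be picked up. If `~/.ssh` is the intended target, `sshDirectory = "${config.home.homeDirectory}/.ssh";` would still give the absolute path the symlink list needs. The removed workaround comment also leaves the new `mkHomeageFile` undocumented; a one-line comment such as `# homeage decrypts ${identity}.age and symlinks the plaintext into sshDirectory` would record where the private key ends up.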
11 changes: 7 additions & 4 deletions home/roles/homeage/default.nix
Expand Up @@ -6,11 +6,8 @@ let

cfg = config.custom.roles.homeage;

secretsSourcePath = "${inputs.self}/secrets/${config.home.username}";

mkHomeageFile = secret: nameValuePair secret {
path = secret;
source = "${secretsSourcePath}/${secret}.age";
source = "${cfg.secretsSourcePath}/${secret}.age";
symlinks = [ "${cfg.secretsPath}/${secret}" ];
};

Expand All @@ -27,6 +24,12 @@ in
description = "Secrets to install.";
};

secretsSourcePath = mkOption {
type = types.path;
default = "${inputs.self}/secrets/${config.home.username}";
description = "Default source path of the encrypted files.";
};

secretsPath = mkOption {
type = types.path;
default = "${config.xdg.dataHome}/secrets";
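Review bot: The new `secretsSourcePath` option is documented only as "Default source path of the encrypted files.", which describes the default value rather than the option and omits the constraint that matters. The default interpolates `${inputs.self}`, which presumably resolves to a copy of the flake in the Nix store, normally readable by every local user, so anything placed under this path has to be age ciphertext. Now that the path is user-settable and also read from the ssh module, I would spell that out, e.g. `description = "Directory holding the age-encrypted secrets (<name>.age). Typically resolved into the Nix store, so it must contain ciphertext only.";`. The `secretsPath` option that follows continues outside the hunk.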
1 change: 0 additions & 1 deletion home/roles/mobile/default.nix
Expand Up @@ -30,7 +30,6 @@ in
};

roles = {
homeage.secrets = [ logseqSshKey logseqSshPubKey ];
mobile.bin.enable = true;
};
};
