Make secret path configurable (mainly for container support).

'/secret/hostName' is still required.
2019-08-28 15:56:19 +02:00 · 2019-08-28 15:56:19 +02:00 · fd14a260c0
commit fd14a260c0
parent 7d70e000ce
8 changed files with 18 additions and 11 deletions
--- a/config/nix.nix
+++ b/config/nix.nix
@ -1,4 +1,4 @@
-{ lib, ... }:
+{ config, lib, ... }:

 {
  nix = {
@ -9,7 +9,7 @@
    extraOptions = ''
      build-timeout = 86400  # 24 hours
    '';
-    binaryCachePublicKeys = [ (lib.fileContents /secret/hydra_cache.pub) ];
+    binaryCachePublicKeys = [ (lib.fileContents "${config.machine.secretPath}/hydra_cache.pub") ];
    trustedBinaryCaches = [
      "https://cache.nixos.org"
      "https://cache.ophanim.de"
--- a/config/users.nix
+++ b/config/users.nix
@ -18,8 +18,8 @@ let
        ++ (if config.services.printing.enable then [ "cups" "lp" ] else [])
        ++ (if config.virtualisation.docker.enable then [ "docker"] else []);
      shell = "${pkgs.zsh}/bin/zsh";
-      passwordFile = "/secret/${user.name}";
-      openssh.authorizedKeys.keyFiles = if config.services.openssh.enable then [ "/secret/${user.name}.pub" ] else [];
+      passwordFile = "${config.machine.secretPath}/${user.name}";
+      openssh.authorizedKeys.keyFiles = if config.services.openssh.enable then [ "${config.machine.secretPath}/${user.name}.pub" ] else [];
    };
  };