author | pennae <pennae.git@quasiparticle.net> | 2023-01-16 11:05:02 +0100 |
---|---|---|
committer | pennae <pennae.git@quasiparticle.net> | 2023-01-16 11:07:37 +0100 |
commit | 464357bc5a0cbbcea1810c131abaa050fdc63e7d (patch) | |
tree | 6e077a2c887c02f8bae770a9a5b1626ada5205db /modules/default.nix | |
parent | ac1fdf380945fa62b2665a0d4163f2316c68ca5f (diff) | |
convert to md docsmain
Diffstat (limited to 'modules/default.nix')
-rw-r--r-- | modules/default.nix | 44 |
1 files changed, 25 insertions, 19 deletions
diff --git a/modules/default.nix b/modules/default.nix index f187a8f..f50d0a2 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, ... }: +{ pkgs, config, lib, options, ... }: with lib; @@ -19,25 +19,25 @@ let path = mkOption { type = types.path; readOnly = true; - description = "Decrypted secret path. Read-only, for use in interpolations."; + description = mdDoc "Decrypted secret path. Read-only, for use in interpolations."; }; owner = mkOption { default = "root"; type = types.str; - description = "Owner of decrypted secret."; + description = mdDoc "Owner of decrypted secret."; }; group = mkOption { default = "root"; type = types.str; - description = "Group of decrypted secret."; + description = mdDoc "Group of decrypted secret."; }; mode = mkOption { default = "0400"; type = types.str; - description = "Mode of decrypted secret, as in chmod."; + description = mdDoc "Mode of decrypted secret, as in chmod."; }; }; @@ -78,7 +78,7 @@ in options.seacrit = { storePath = mkOption { type = types.nullOr types.path; - description = '' + description = mdDoc '' Store path to pull secrets from during build. Must contain a secrets.nix file describing all secrets. ''; 
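Review bot: The `mode` description in the second hunk (`@@ -19,25 +19,25 @@`) still says only "as in chmod". It does not tell the reader that the default `0400` is what keeps a decrypted secret readable by its owner alone. The option is a plain `types.str`, so nothing visible in this hunk rejects a wider or malformed value, and the documentation is the only guard a user sees. While the descriptions are being rewrapped, I would extend this one to `description = mdDoc "Mode of decrypted secret, as in chmod. The default 0400 is readable by the owner only.";`. The submodule these options belong to starts before the hunk, so any validation done elsewhere is not visible here.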
@@ -87,47 +87,48 @@ in hostID = mkOption { type = types.str; - description = "Identifier of this host in the registry."; + description = mdDoc "Identifier of this host in the registry."; default = config.networking.hostName; + defaultText = literalExpression "config.networking.hostName"; }; registry = mkOption { - type = types.submodule { + type = types.submodule (args: { options = { users = mkOption { type = types.attrsOf types.str; - description = "Users the secrets system knows about, and their public keys."; + description = mdDoc "Users the secrets system knows about, and their public keys."; default = []; }; hosts = mkOption { type = types.attrsOf types.str; - description = '' + description = mdDoc '' Hosts the secrets system knows about, and their public keys. Keys are matched against - <option>seacrit.hostID</option>. + {option}`${options.seacrit.hostID}`. ''; default = []; }; default = mkOption { type = types.listOf types.str; - description = "Keys with access to all secrets configured here."; + description = mdDoc "Keys with access to all secrets configured here."; default = []; }; secrets = mkOption { type = types.attrsOf (types.listOf types.str); - description = '' + description = mdDoc '' Configured secrets, and the keys that can read them. Keys listed in - <option>seacrit.registry.default</option> are added automatically. + {option}`${args.options.default}` are added automatically. ''; default = {}; }; }; - }; + }); readOnly = true; - description = "Content of <literal>${storePath}/secrets.nix<literal>."; - example = literalExample '' + description = mdDoc "Content of `\${${options.seacrit.storePath}}/secrets.nix`."; + example = literalExpression '' rec { users = { deploy = "<one age public key>"; 
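Review bot: `registry.users` and `registry.hosts` are typed `types.attrsOf types.str` but keep `default = [];`, a list, while the sibling `secrets` option correctly uses `default = {};`. If a `secrets.nix` omits either attribute, the default would presumably fail the type check rather than yield an empty key map. Both lines should read `default = {};`. This commit already touches both options, so it is a convenient place to fix them. The enclosing `options.seacrit` block begins before the hunk, so how `registry` is populated is not visible here.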
@@ -157,12 +158,17 @@ in (concatMap (k: optional (elem k.type [ "ed25519" "rsa" ]) k.path) config.services.openssh.hostKeys); - description = "Paths to keys used for secret decryption. All age key types are supported."; + defaultText = literalMD '' + compatible keys from ${options.services.openssh.hostKeys} (ie ed25519 and rsa) + ''; + description = mdDoc '' + Paths to keys used for secret decryption. All age key types are supported. + ''; }; secrets = mkOption { type = types.attrsOf secret; - description = "Configuration for individual secrets configured through the registry."; + description = mdDoc "Configuration for individual secrets configured through the registry."; default = {}; }; }; |
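Review bot: The new `defaultText` interpolates `${options.services.openssh.hostKeys}` as bare text, whereas the `hosts` and `secrets` descriptions in the previous hunk wrap option references in the `{option}` role. Using the same role here would keep the rendered manual consistent, and "ie" reads better as "i.e.". The description could also state that these paths are the host's SSH private keys and are used as decryption identities. It is worth saying too what happens when sshd has no ed25519 or rsa host key, since the default then looks like it evaluates to an empty list. The option's name and the start of its definition lie before the hunk.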