have actual implementation for sops secrets

ibizaman · Nov 22, 2024 · 32adec6 · 32adec6
1 parent 7a10a80
commit 32adec6
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,6 @@
-# Upcoming Release
+<!---
+
+Template:
 
 ## New Features
 
@@ -8,6 +10,29 @@
 
 ## Other Changes
 
+-->
+
+# v0.2.2 (unreleased)
+
+## User Facing Backwards Compatible Changes
+
+- Fix: add implementation for `sops.nix` module.
+
+## Other Changes
+
+- Use VERSION when rendering manual too.
+
+# v0.2.1
+
+## User Facing Backwards Compatible Changes
+
+- Add `sops.nix` module to `nixosModules.default`.
+
+## Other Changes
+
+- Auto-tagging of git repo when VERSION file gets updated.
+- Add VERSION file to track version.
+
 # v0.2.0
 
 ## New Features

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.2.1
+0.2.2
diff --git a/modules/blocks/sops.nix b/modules/blocks/sops.nix
@@ -1,9 +1,11 @@
-{ lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
-  inherit (lib) mkOption;
+  inherit (lib) mapAttrs mkOption;
   inherit (lib.types) attrsOf anything submodule;
 
   contracts = pkgs.callPackage ../contracts {};
+
+  cfg = config.shb.sops;
 in
 {
   options.shb.sops = {
@@ -22,7 +24,8 @@ in
               are managed by the [shb.sops.secret.<name>.request](#blocks-sops-options-shb.sops.secret._name_.request) option.
             '';
 
-            type = anything;
+            type = attrsOf anything;
+            default = {};
           };
 
           resultCfg = {
@@ -33,4 +36,10 @@ in
       }));
     };
   };
+
+  config = {
+    sops.secrets = let
+      mkSecret = n: secretCfg: secretCfg.request // secretCfg.settings;
+    in mapAttrs mkSecret cfg.secret;
+  };
 }