newedge/liminix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(untested) template service for tang encrypted secrets

Browse Source
This commit is contained in:
Daniel Barlow
2024-08-28 22:32:26 +01:00
parent 8a9284af1e
commit a8a19977ca
2 changed files with 41 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
modules/secrets/default.nix
View File

@@ -14,6 +14,10 @@ in {
description = "fetch secrets from external vault with https";
type = liminix.lib.types.serviceDefn;
};
tang = mkOption {
description = "fetch secrets from encrypted local pathname, using tang";
type = liminix.lib.types.serviceDefn;
};
subscriber = mkOption {
description = "wrapper around a service that needs notifying (e.g. restarting) when secrets change";
type = liminix.lib.types.serviceDefn;
@@ -34,7 +38,21 @@ in {
description = "password for HTTP basic auth";
type = types.nullOr types.str;
};
name = mkOption {
description = "service name";
type = types.str;
};
interval = mkOption {
type = types.int;
default = 30;
description = "how often to check the source, in minutes";
};
};
tang = config.system.callService ./tang.nix {
path = mkOption {
description = "encrypted source pathname";
type = types.path;
};
name = mkOption {
description = "service name";
type = types.str;