{ inputs, lib, config, ... }: {
  # Everything that needs the flake `inputs` lives here; the rest is delegated
  # to `common.nix`. `inputs` cannot be imported from every context, because
  # doing so can lead to infinite recursion.
  imports = [
    ./common.nix
    inputs.vault-secrets.nixosModules.vault-secrets
  ];

  # Point both the legacy NIX_PATH entry and the flake registry entry for
  # `nixpkgs` at the nixpkgs flake input used to build this system.
  nix = {
    nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
    registry.nixpkgs.flake = inputs.nixpkgs;
  };

  # Vault-backed secrets, enabled only for hosts in the "olympus" and "hades"
  # domains. Every value below is derived from the host's networking settings.
  vault-secrets = let
    inherit (config.networking) domain hostName;
    # "olympus" reaches its Vault server as "vault"; any other domain uses "vault-0".
    vaultHost = if domain != "olympus" then "vault-0" else "vault";
  in lib.mkIf (builtins.elem domain [ "olympus" "hades" ]) {
    vaultPrefix = "${domain}_secrets/nixos";
    # NOTE(review): the address is plain http://, so AppRole credentials and the
    # secrets fetched through this module would cross the network without TLS
    # unless the link is protected some other way (e.g. a private overlay
    # network) - confirm, or move to https:// once the Vault listener has TLS.
    vaultAddress = "http://${vaultHost}.${domain}:8200/";
    # One AppRole name prefix per host: "<domain>-<hostName>".
    approlePrefix = "${domain}-${hostName}";
  };
}