device-templates.nix: futile decryption attempts
parent
1e0201b429
commit
d2a3d8a3c6
|
@ -3,7 +3,47 @@
|
|||
with pkgs.lib;
|
||||
let
|
||||
loadYaml = import ./load-yaml.nix { inherit pkgs; };
|
||||
|
||||
# Swap with the real one if you don't have the key:
|
||||
decryptMessage = _: "encrypted";
|
||||
|
||||
_decryptMessage = x:
|
||||
let
|
||||
keyFile = requireFile {
|
||||
name = "salt-gpg.asc";
|
||||
sha256 = "";
|
||||
message = ''
|
||||
GPG private key not found.
|
||||
|
||||
If you still want to build the scripts, search "#decryptMessage" in salt-pillar.nix.
|
||||
'';
|
||||
};
|
||||
cleartextFile = pkgs.runCommandLocal "decrypted-salt-value" {
|
||||
nativeBuildInputs = [ pkgs.gpg ];
|
||||
} ''
|
||||
export GNUPGHOME=$(mktemp -d)
|
||||
gpg --import ${keyFile}
|
||||
gpg -d > $out << EOF
|
||||
${x}
|
||||
EOF
|
||||
'';
|
||||
in
|
||||
builtins.readFile cleartextFile;
|
||||
|
||||
decrypt = x:
|
||||
if builtins.isString x
|
||||
then if builtins.substring 0 27 x == "-----BEGIN PGP MESSAGE-----"
|
||||
then decryptMessage x
|
||||
else x
|
||||
else if builtins.isList x
|
||||
then map decrypt x
|
||||
else if builtins.isAttrs x
|
||||
then builtins.mapAttrs (_: decrypt) x
|
||||
else x;
|
||||
|
||||
in
|
||||
builtins.foldl' (result: filename:
|
||||
recursiveUpdate result (loadYaml filename)
|
||||
) {} (filesystem.listFilesRecursive ../../../../salt-pillar)
|
||||
decrypt (
|
||||
builtins.foldl' (result: filename:
|
||||
recursiveUpdate result (loadYaml filename)
|
||||
) {} (filesystem.listFilesRecursive ../../../../salt-pillar)
|
||||
)
|
||||
|
|
|
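Review bot: `_decryptMessage` writes the GPG plaintext to `$out` and reads it back with `builtins.readFile`, so once it is swapped in, every decrypted pillar value sits in a world-readable /nix/store path and is copied into whatever derivation consumes the result; the private key supplied through `requireFile` has to be added to the store too, with the same exposure. If that is not intended, keep the ciphertext in the evaluated config and decrypt on the target at deploy or activation time. Separately, `${x}` is spliced into an unquoted heredoc, and `decrypt` only checks the first 27 characters, so `$` or backticks later in a pillar string would be expanded by the builder shell; `gpg -d > $out << 'EOF'` (or handing the message over with `passAsFile`) avoids that. The empty `sha256 = ""` looks like a placeholder that no key file can match, and the comment above the stub reads inverted and lacks the tag the error message tells people to search for; something like `# #decryptMessage: stub used when the key is unavailable; bind decryptMessage to _decryptMessage to decrypt` would match.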
@ -40,8 +40,8 @@ let
|
|||
'' +
|
||||
builtins.concatStringsSep "\n" (
|
||||
map (hostname:
|
||||
"ln -s ${config.site.device-scripts.${hostname}} $out/bin/${hostname}.sh"
|
||||
) (builtins.attrNames config.site.device-scripts)
|
||||
"ln -s ${device-scripts.${hostname}} $out/bin/${hostname}.sh"
|
||||
) (builtins.attrNames device-scripts)
|
||||
)
|
||||
);
|
||||
in
|
||||
|
|
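Review bot: `${hostname}` is interpolated unquoted into the generated `ln -s` line, so an attribute name in `device-scripts` containing whitespace or shell metacharacters would change the command the builder runs. The names come from `builtins.attrNames device-scripts`, and where that set is bound is outside this hunk; if it is derived from the pillar YAML, the names are data rather than code and should be escaped, e.g. `"ln -s ${device-scripts.${hostname}} $out/bin/${lib.escapeShellArg hostname}.sh"`. Quoting does not stop a name containing `/` from placing the link outside `$out/bin`, so an assertion on the allowed hostname characters would be a useful addition.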