machine_setup/nix/kubernetes/keys/package/k8s-secret-ssh/package.nix

# unpackPhase
# patchPhase
# configurePhase
# buildPhase
# checkPhase
# installPhase
# fixupPhase
# installCheckPhase
# distPhase
{
  stdenv,
  k8s,
  kubectl,
  secret_name,
  secret_namespace,
  ssh_key_name,
  ...
}:
stdenv.mkDerivation (finalAttrs: {
  name = "k8s-secret-ssh-${secret_name}";
  nativeBuildInputs = [ kubectl ];
  buildInputs = [ ];

  unpackPhase = "true";

  buildPhase = ''
    kubectl create secret generic ${secret_name} \
      --namespace ${secret_namespace} \
      --from-file=identity=${k8s.ssh-keys."${ssh_key_name}"}/${ssh_key_name} \
      --from-file=identity.pub=${k8s.ssh-keys."${ssh_key_name}"}/${ssh_key_name}.pub \
      --dry-run=client -o yaml > ${secret_name}.yaml
  '';
  # --from-file=known_hosts=$(OUT)/known_hosts \

  installPhase = ''
    mkdir "$out"
    cp "${secret_name}.yaml" $out/
  '';
})
Generate kubernetes secrets for ssh keys. 2025-12-21 18:45:49 -05:00			`# unpackPhase`
			`# patchPhase`
			`# configurePhase`
			`# buildPhase`
			`# checkPhase`
			`# installPhase`
			`# fixupPhase`
			`# installCheckPhase`
			`# distPhase`
			`{`
			`stdenv,`
			`k8s,`
			`kubectl,`
			`secret_name,`
			`secret_namespace,`
			`ssh_key_name,`
			`...`
			`}:`
			`stdenv.mkDerivation (finalAttrs: {`
			`name = "k8s-secret-ssh-${secret_name}";`
			`nativeBuildInputs = [ kubectl ];`
			`buildInputs = [ ];`

			`unpackPhase = "true";`

			`buildPhase = ''`
			`kubectl create secret generic ${secret_name} \`
			`--namespace ${secret_namespace} \`
			`--from-file=identity=${k8s.ssh-keys."${ssh_key_name}"}/${ssh_key_name} \`
			`--from-file=identity.pub=${k8s.ssh-keys."${ssh_key_name}"}/${ssh_key_name}.pub \`
			`--dry-run=client -o yaml > ${secret_name}.yaml`
			`'';`
			`# --from-file=known_hosts=$(OUT)/known_hosts \`

			`installPhase = ''`
			`mkdir "$out"`
			`cp "${secret_name}.yaml" $out/`
			`'';`
			`})`