Generic secrets for pgp keys.
This commit is contained in:
Tom Alexander
@@ -13,5 +13,6 @@ symlinkJoin {
|
||||
++ (builtins.attrValues k8s.client-configs)
|
||||
++ (builtins.attrValues k8s.ssh-keys)
|
||||
++ (builtins.attrValues k8s.pgp-keys)
|
||||
++ (builtins.attrValues k8s.k8s-ssh-secrets);
|
||||
++ (builtins.attrValues k8s.k8s-ssh-secrets)
|
||||
++ (builtins.attrValues k8s.k8s-secrets-generic);
|
||||
}
|
||||
|
||||
52
nix/kubernetes/keys/package/k8s-secret-generic/package.nix
Normal file
52
nix/kubernetes/keys/package/k8s-secret-generic/package.nix
Normal file
@@ -0,0 +1,52 @@
|
||||
# unpackPhase
|
||||
# patchPhase
|
||||
# configurePhase
|
||||
# buildPhase
|
||||
# checkPhase
|
||||
# installPhase
|
||||
# fixupPhase
|
||||
# installCheckPhase
|
||||
# distPhase
|
||||
{
|
||||
lib,
|
||||
pkgs,
|
||||
stdenv,
|
||||
k8s,
|
||||
kubectl,
|
||||
secret_name,
|
||||
secret_namespace,
|
||||
secret_values ? { },
|
||||
...
|
||||
}:
|
||||
let
|
||||
toBase64 = (pkgs.callPackage ../../contrib/base64/package.nix { inherit lib; }).toBase64;
|
||||
secret_yaml = {
|
||||
apiVersion = "v1";
|
||||
kind = "Secret";
|
||||
metadata = {
|
||||
name = "${secret_name}";
|
||||
namespace = "${secret_namespace}";
|
||||
};
|
||||
data = (builtins.mapAttrs (key: val: (toBase64 val)) secret_values);
|
||||
};
|
||||
settingsFormat = pkgs.formats.yaml { };
|
||||
yaml_body = settingsFormat.generate "${secret_name}.yaml" secret_yaml;
|
||||
yaml_file = pkgs.writeTextFile {
|
||||
name = "${secret_name}.yaml";
|
||||
text = (builtins.readFile yaml_body);
|
||||
};
|
||||
in
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
name = "k8s-secret-generic-${secret_name}";
|
||||
nativeBuildInputs = [ kubectl ];
|
||||
buildInputs = [ ];
|
||||
|
||||
unpackPhase = "true";
|
||||
|
||||
# lib.attrsets.mapAttrsToList
|
||||
|
||||
installPhase = ''
|
||||
mkdir "$out"
|
||||
cp "${yaml_file}" "$out/${secret_name}.yaml"
|
||||
'';
|
||||
})
|
||||
Reference in New Issue
Block a user