Generic secrets for pgp keys.

2025-12-21 19:43:43 -05:00
parent 7e3fa38af6
commit 71d9f5672a
4 changed files with 133 additions and 1 deletions
--- a/nix/kubernetes/keys/package/k8s-keys/package.nix
+++ b/nix/kubernetes/keys/package/k8s-keys/package.nix
@@ -13,5 +13,6 @@ symlinkJoin {
  ++ (builtins.attrValues k8s.client-configs)
  ++ (builtins.attrValues k8s.ssh-keys)
  ++ (builtins.attrValues k8s.pgp-keys)
-  ++ (builtins.attrValues k8s.k8s-ssh-secrets);
+  ++ (builtins.attrValues k8s.k8s-ssh-secrets)
+  ++ (builtins.attrValues k8s.k8s-secrets-generic);
 }
--- a/nix/kubernetes/keys/package/k8s-secret-generic/package.nix
+++ b/nix/kubernetes/keys/package/k8s-secret-generic/package.nix
@@ -0,0 +1,52 @@
+# unpackPhase
+# patchPhase
+# configurePhase
+# buildPhase
+# checkPhase
+# installPhase
+# fixupPhase
+# installCheckPhase
+# distPhase
+{
+  lib,
+  pkgs,
+  stdenv,
+  k8s,
+  kubectl,
+  secret_name,
+  secret_namespace,
+  secret_values ? { },
+  ...
+}:
+let
+  toBase64 = (pkgs.callPackage ../../contrib/base64/package.nix { inherit lib; }).toBase64;
+  secret_yaml = {
+    apiVersion = "v1";
+    kind = "Secret";
+    metadata = {
+      name = "${secret_name}";
+      namespace = "${secret_namespace}";
+    };
+    data = (builtins.mapAttrs (key: val: (toBase64 val)) secret_values);
+  };
+  settingsFormat = pkgs.formats.yaml { };
+  yaml_body = settingsFormat.generate "${secret_name}.yaml" secret_yaml;
+  yaml_file = pkgs.writeTextFile {
+    name = "${secret_name}.yaml";
+    text = (builtins.readFile yaml_body);
+  };
+in
+stdenv.mkDerivation (finalAttrs: {
+  name = "k8s-secret-generic-${secret_name}";
+  nativeBuildInputs = [ kubectl ];
+  buildInputs = [ ];
+
+  unpackPhase = "true";
+
+  # lib.attrsets.mapAttrsToList
+
+  installPhase = ''
+    mkdir "$out"
+    cp "${yaml_file}" "$out/${secret_name}.yaml"
+  '';
+})