treewide: don't reference <secrets> explicitly

author: tv <tv@krebsco.de> 2023-09-11 15:31:13 +0200
committer: tv <tv@krebsco.de> 2023-09-11 16:10:41 +0200
commit: 5370e0485788224126861e076110ac705013d2de (patch)
tree: 15838192c1ebf685733cbf39b3f3e37fd1ebd639 /krebs/3modules/secret.nix
parent: 8fc162ee3d9525a2b45346a1ca8f34ccb5ef971b (diff)
1 files changed, 8 insertions, 4 deletions
diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix
index 90c2f6a6..c35dceba 100644
--- a/krebs/3modules/secret.nix
+++ b/krebs/3modules/secret.nix
@@ -7,13 +7,17 @@ in {
       default = toString <secrets>;
       type = types.absolute-pathname;
     };
-    file = mkOption {
-      default = relpath: "${cfg.directory}/${relpath}";
-      readOnly = true;
-    };
     files = mkOption {
       type = with pkgs.stockholm.lib.types; attrsOf secret-file;
       default = {};
+      apply = mapAttrs (name: secret-file:
+        if types.absolute-pathname.check secret-file.source-path then
+          secret-file
+        else
+          secret-file // {
+            source-path = "${config.krebs.secret.directory}/secret-file.source-path";
+          }
+      );
     };
   };
   config = lib.mkIf (cfg.files != {}) {
author	tv <tv@krebsco.de>	2023-09-11 15:31:13 +0200
committer	tv <tv@krebsco.de>	2023-09-11 16:10:41 +0200
commit	5370e0485788224126861e076110ac705013d2de (patch)
tree	15838192c1ebf685733cbf39b3f3e37fd1ebd639 /krebs/3modules/secret.nix
parent	8fc162ee3d9525a2b45346a1ca8f34ccb5ef971b (diff)