2022-03-14 23:34:33 +00:00
|
|
|
{ lib, config, ... }:
|
|
|
|
|
|
|
|
|
|
let
|
2022-03-20 17:47:52 +00:00
|
|
|
inherit (lib) mkOption types mkMerge mapAttrsToList mkBefore;
|
2022-03-14 23:34:33 +00:00
|
|
|
in {
|
|
|
|
|
options.my.apps = mkOption {
|
|
|
|
|
type = types.attrsOf (types.submodule ({ name, ... }: {
|
|
|
|
|
options = {
|
|
|
|
|
resourceName = mkOption {
|
|
|
|
|
type = types.str;
|
|
|
|
|
default = "app_${name}";
|
|
|
|
|
internal = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
policy = mkOption {
|
|
|
|
|
type = types.lines;
|
|
|
|
|
};
|
|
|
|
|
};
|
2022-03-20 17:47:52 +00:00
|
|
|
|
|
|
|
|
config = {
|
|
|
|
|
policy = mkBefore ''
|
|
|
|
|
path "kv/data/apps/${name}" {
|
|
|
|
|
capabilities = ["read"]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
path "kv/metadata/apps/${name}" {
|
|
|
|
|
capabilities = ["read"]
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
};
|
2022-03-14 23:34:33 +00:00
|
|
|
}));
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
config.resource = mkMerge (mapAttrsToList (appName: appCfg: {
|
|
|
|
|
vault_policy.${appCfg.resourceName} = {
|
|
|
|
|
name = "app/${appName}";
|
|
|
|
|
policy = appCfg.policy;
|
|
|
|
|
};
|
|
|
|
|
}) config.my.apps);
|
|
|
|
|
}
|
