depot/ops/vault/cfg/policies-app.nix


2022-03-14 23:34:33 +00:00
# Per-application Vault policies.
#
# Declares the `my.apps` option (one entry per application) and emits one
# `resource.vault_policy.<resourceName>` definition for each entry.
#
# Security notes for reviewers:
#   * The default policy is read-only and scoped to the application's own
#     entry: `kv/data/apps/<name>` and `kv/metadata/apps/<name>`.
#     (Presumably a KV v2 secrets engine mounted at `kv/` -- confirm against
#     the mount configuration, which is not visible in this file.)
#   * `<name>` is the attribute name under `my.apps` and is interpolated into
#     the policy text verbatim. Nothing in this file validates it, so a name
#     containing Vault path wildcards (`*`, `+`), a `/` or a `"` would change
#     which paths the generated policy covers. Keep application names to a
#     plain identifier alphabet, or add a check where `my.apps` is populated.
#   * `policy` has type `lines`: several definitions are joined with
#     newlines, and any explicit definition replaces the default instead of
#     extending it. An override therefore has to restate the read grants
#     above if the application still needs them, and should be reviewed for
#     least privilege like any hand-written policy.
{ lib, config, ... }:
let
  # Submodule describing one application; `name` is its key in `my.apps`.
  appModule = { name, ... }: {
    # Key of the generated `vault_policy` resource. Marked internal, so it is
    # not meant to be set by users of the module.
    options.resourceName = lib.mkOption {
      type = lib.types.str;
      default = "app_${name}";
      internal = true;
    };

    # Policy document attached to the application.
    # The lines of the default are kept flush with one another so that the
    # rendered string is unchanged.
    options.policy = lib.mkOption {
      type = lib.types.lines;
      default = ''
        path "kv/data/apps/${name}" {
        capabilities = ["read"]
        }
        path "kv/metadata/apps/${name}" {
        capabilities = ["read"]
        }
      '';
    };
  };

  # Turns one `my.apps` entry into its `vault_policy` resource definition.
  # The Vault-side policy name is `app/<attribute name>`.
  toPolicyResource = appName: appCfg: {
    vault_policy.${appCfg.resourceName} = {
      name = "app/${appName}";
      inherit (appCfg) policy;
    };
  };
in {
  options.my.apps = lib.mkOption {
    type = lib.types.attrsOf (lib.types.submodule appModule);
  };

  # One attrset per application, merged into a single `resource` tree.
  config.resource =
    lib.mkMerge (lib.mapAttrsToList toPolicyResource config.my.apps);
}