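# Module that declares per-application Vault access under `my.apps` and emits
# one `vault_policy` resource per declared application.
{ lib, config, ... }:

let
  inherit (lib) mkOption types mkMerge mapAttrsToList;

  # Returns `name` unchanged when it consists only of ASCII letters, digits,
  # "_" and "-"; aborts evaluation with an explicit message otherwise.
  #
  # The attribute name of each app is spliced verbatim into the resource label
  # ("app_<name>") and into the `path "..."` stanzas of the default policy.
  # Vault treats "*" and "+" in a policy path as wildcards, and a double quote
  # would end the HCL string early, so a name carrying such characters would
  # yield a grant different from "read this one app's secrets". Failing at
  # evaluation time keeps the default policy scoped to exactly one KV path.
  # Widen the allowlist deliberately if app names need other characters.
  checkedAppName = name:
    if builtins.match "[A-Za-z0-9_-]+" name != null then
      name
    else
      throw "my.apps.${name}: app names may contain only ASCII letters, digits, '_' and '-' because they are interpolated into Vault policy paths and resource labels";
in {
  options.my.apps = mkOption {
    type = types.attrsOf (types.submodule ({ name, ... }:
      let
        # Evaluated lazily: the check only fires when one of the defaults
        # below is actually used, so explicit overrides keep working.
        safeName = checkedAppName name;
      in {
        options = {
          # Key under `resource.vault_policy` for this app's policy.
          # Hidden from generated option docs (`internal = true`).
          resourceName = mkOption {
            type = types.str;
            default = "app_${safeName}";
            internal = true;
          };

          # Vault policy document (HCL). The default grants only "read" on
          # the app's own KV data and metadata paths, with no wildcard.
          # NOTE(review): an overriding value is passed through unchanged;
          # keep overrides equally narrow and avoid trailing globs.
          policy = mkOption {
            type = types.lines;
            description = "Vault policy document (HCL) attached to this app. Defaults to read-only access to the app's own KV path.";
            default = ''
              path "kv/data/apps/${safeName}" {
              capabilities = ["read"]
              }

              path "kv/metadata/apps/${safeName}" {
              capabilities = ["read"]
              }
            '';
          };
        };
      }));
  };

  # One attribute set per app, merged by the module system. Keeping mkMerge
  # (rather than building a single attrset) means two apps that resolve to the
  # same resourceName become competing definitions instead of one silently
  # replacing the other.
  config.resource = mkMerge (mapAttrsToList (appName: appCfg: {
    vault_policy.${appCfg.resourceName} = {
      name = "app/${appName}";
      policy = appCfg.policy;
    };
  }) config.my.apps);
}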