Luke Granger-Brown
a9cb53fa16
This is a file-type variable which contains the original mapping of VARIABLE_NAME to VARIABLE_DATA. This can be used to automatically repopulate a repository with secrets that were originally taken from it and transmitted via GitLab variables (i.e. out-of-band).
42 lines
1.3 KiB
Nix
42 lines
1.3 KiB
Nix
{ pkgs, lib, depot, ... }:
|
|
let
|
|
secretsync = pkgs.buildGoModule rec {
|
|
pname = "secretsync";
|
|
version = "0.0.1";
|
|
|
|
src = ./.;
|
|
modSha256 = "17m97rfxwbq7vvggvjkxrzakvlk83n0caciv80d50hgdljs3ks0m";
|
|
|
|
subPackages = [ "." ];
|
|
|
|
meta = with lib; {
|
|
description = "Simple package for dumping secret files from disk to GitLab variables";
|
|
};
|
|
};
|
|
in secretsync // {
|
|
configure = baseConfig:
|
|
let
|
|
config = {
|
|
name = "secretsync";
|
|
pkg = secretsync;
|
|
gitlabAccessToken = "";
|
|
gitlabEndpoint = "https://hg.lukegb.com";
|
|
gitlabProject = "lukegb/depot";
|
|
variablesToFile = {};
|
|
manifestVariable = "";
|
|
workingDir = "";
|
|
logToStderr = true;
|
|
} // baseConfig;
|
|
args = {
|
|
gitlab_access_token = config.gitlabAccessToken;
|
|
gitlab_endpoint = config.gitlabEndpoint;
|
|
gitlab_project = config.gitlabProject;
|
|
variable_to_file = lib.mapAttrsToList (name: value: "${name}=${value}") config.variablesToFile;
|
|
logtostderr = config.logToStderr;
|
|
} // (if config.manifestVariable == "" then {} else { manifest_variable = config.manifestVariable; });
|
|
in
|
|
pkgs.writeShellScriptBin config.name ''
|
|
cd "${config.workingDir}"
|
|
exec "${config.pkg}/bin/secretsync" ${lib.cli.toGNUCommandLineShell {} args}
|
|
'';
|
|
}
|