depot/nix/pkgs/secretsync/default.nix
Luke Granger-Brown a9cb53fa16 secretsync: add concept of manifest variable
This is a file-type variable which contains the original mapping of
VARIABLE_NAME to VARIABLE_DATA.

This can be used to automatically repopulate a repository with
secrets that were originally taken from it and transmitted via
GitLab variables (i.e. out-of-band).
2020-05-09 14:26:54 +01:00


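# Builds the secretsync Go binary and attaches a `configure` helper that
# produces a wrapper script with the GitLab settings baked in as flags.
{ pkgs, lib, depot, ... }:
let
  secretsync = pkgs.buildGoModule rec {
    pname = "secretsync";
    version = "0.0.1";
    src = ./.;
    modSha256 = "17m97rfxwbq7vvggvjkxrzakvlk83n0caciv80d50hgdljs3ks0m";
    subPackages = [ "." ];
    meta = {
      description = "Simple package for dumping secret files from disk to GitLab variables";
    };
  };
in secretsync // {
  # configure :: attrset -> derivation
  #
  # `baseConfig` overrides the defaults below (shallow merge, so passing
  # `variablesToFile` replaces the whole mapping). The result is a shell
  # script named `config.name` that changes into `workingDir` (when set) and
  # execs the secretsync binary with the derived flags.
  configure = baseConfig:
    let
      config = {
        name = "secretsync";
        pkg = secretsync;
        # NOTE(security): a non-empty token is rendered into the generated
        # script. That script lives in the Nix store, whose paths are normally
        # readable by every local user, and the token is also passed on the
        # command line, where it shows up in process listings. Prefer
        # supplying the token at runtime if the binary supports it; whether it
        # does is not visible from this file.
        gitlabAccessToken = "";
        gitlabEndpoint = "https://hg.lukegb.com";
        gitlabProject = "lukegb/depot";
        variablesToFile = {};
        manifestVariable = "";
        workingDir = "";
        logToStderr = true;
      } // baseConfig;

      args = {
        gitlab_access_token = config.gitlabAccessToken;
        gitlab_endpoint = config.gitlabEndpoint;
        gitlab_project = config.gitlabProject;
        # One NAME=PATH entry per variable; the list becomes a repeated flag.
        variable_to_file = lib.mapAttrsToList (name: value: "${name}=${value}") config.variablesToFile;
        logtostderr = config.logToStderr;
      } // lib.optionalAttrs (config.manifestVariable != "") {
        # Only pass the flag when a manifest variable was actually configured.
        manifest_variable = config.manifestVariable;
      };

      # The target directory is shell-escaped so that `$`, backticks or quotes
      # in the path are taken literally, and `--` stops a leading `-` from
      # being read as an option. If the directory cannot be entered the script
      # stops rather than running secretsync (which works with file paths from
      # variablesToFile) in whatever directory the caller happened to be in.
      # An empty workingDir means "stay where we are", so no cd is emitted.
      chdir = lib.optionalString (config.workingDir != "")
        "cd -- ${lib.escapeShellArg config.workingDir} || exit 1";
    in
    pkgs.writeShellScriptBin config.name ''
      ${chdir}
      exec "${config.pkg}/bin/secretsync" ${lib.cli.toGNUCommandLineShell {} args}
    '';
}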