fix derived secrets (all were failing)
This commit is contained in:
parent
464db2c118
commit
3bbc4aecbb
|
@ -1,16 +1,14 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (builtins) toString;
|
||||
inherit (lib) mapAttrs mkOption types;
|
||||
|
||||
hash-path-with-salt = pkgs.static-nix-shell.mkBash {
|
||||
pname = "hash-path-with-salt";
|
||||
src = ./.;
|
||||
};
|
||||
|
||||
|
||||
cfg = config.sane.derived-secrets;
|
||||
secret = types.submodule {
|
||||
secret = with lib; types.submodule {
|
||||
options = {
|
||||
len = mkOption {
|
||||
type = types.int;
|
||||
|
@ -23,7 +21,7 @@ let
|
|||
in
|
||||
{
|
||||
options = {
|
||||
sane.derived-secrets = mkOption {
|
||||
sane.derived-secrets = with lib; mkOption {
|
||||
type = types.attrsOf secret;
|
||||
default = {};
|
||||
description = ''
|
||||
|
@ -36,11 +34,12 @@ in
|
|||
};
|
||||
|
||||
config = {
|
||||
sane.fs = mapAttrs (path: c: {
|
||||
sane.fs = lib.mapAttrs (path: c: {
|
||||
generated.command = [
|
||||
"${hash-path-with-salt}/bin/hash-path-with-salt"
|
||||
path
|
||||
c.encoding
|
||||
(builtins.toString (c.len * 2))
|
||||
];
|
||||
generated.acl.mode = "0600";
|
||||
}) cfg;
|
||||
|
|
|
@ -2,9 +2,10 @@
|
|||
#!nix-shell -i bash
|
||||
file="$1"
|
||||
enc="$2"
|
||||
nibbles="$3"
|
||||
echo "$file" | cat /dev/stdin /etc/ssh/host_keys/ssh_host_ed25519_key \
|
||||
| sha512sum \
|
||||
| cut -c 1-${toString (c.len * 2)} \
|
||||
| cut -c "1-$nibbles" \
|
||||
| tr a-z A-Z \
|
||||
| basenc -d --base16 \
|
||||
| basenc "--$enc" \
|
||||
|
|
Loading…
Reference in New Issue
Block a user