nixfiles/lib/containerLib.nix

{lib, ...}: let
  inherit (lib.lists) forEach;
  inherit (lib.modules) mkMerge;
  inherit (builtins) isString;
in rec {
  genBindMountForSecret = secrets: secretItem: let
    secret =
      if isString secretItem
      then secrets.${secretItem}
      else secrets.${secretItem.name};

    hostPath = secret.path;

    containerPath =
      if isString secretItem
      then hostPath
      else secretItem.path;

    writable =
      if isString secretItem
      then
        (
          if secretItem ? "writable"
          then secretItem.writable
          else false
        )
      else false;
  in {
    "${containerPath}" = {
      inherit hostPath;
      isReadOnly = !writable;
    };
  };

  genBindHostsForSecrets = secrets: secrets_list: (
    mkMerge (forEach secrets_list (
      secretItem:
        genBindMountForSecret secrets secretItem
    ))
  );
}
major tidy 2023-09-18 03:56:58 +01:00			`{lib, ...}: let`
			`inherit (lib.lists) forEach;`
			`inherit (lib.modules) mkMerge;`
			`inherit (builtins) isString;`
			`in rec {`
			`genBindMountForSecret = secrets: secretItem: let`
			`secret =`
			`if isString secretItem`
			`then secrets.${secretItem}`
			`else secrets.${secretItem.name};`

			`hostPath = secret.path;`

			`containerPath =`
			`if isString secretItem`
			`then hostPath`
			`else secretItem.path;`

			`writable =`
			`if isString secretItem`
			`then`
			`(`
			`if secretItem ? "writable"`
			`then secretItem.writable`
			`else false`
			`)`
			`else false;`
			`in {`
			`"${containerPath}" = {`
			`inherit hostPath;`
			`isReadOnly = !writable;`
			`};`
			`};`

			`genBindHostsForSecrets = secrets: secrets_list: (`
			`mkMerge (forEach secrets_list (`
			`secretItem:`
			`genBindMountForSecret secrets secretItem`
			`))`
			`);`
			`}`