22 lines
576 B
Nix
22 lines
576 B
Nix
{
|
|
pkgs,
|
|
config,
|
|
...
|
|
}: let
|
|
secrets = config.services.secrets.secrets;
|
|
in {
|
|
systemd.services.auto-secrets = {
|
|
wantedBy = ["multi-user.target"];
|
|
after = ["network.target"];
|
|
path = with pkgs; [bash vault getent];
|
|
script = let
|
|
vault_username = "storage";
|
|
vault_password_file = "${secrets.vault_password.path}";
|
|
in ''
|
|
VAULT_ADDR="https://vault.owo.monster" \
|
|
vault login -no-print -method=userpass username=${vault_username} password=$(cat ${vault_password_file})
|
|
/run/current-system/sw/bin/secrets-init
|
|
'';
|
|
};
|
|
}
|