simplify secrets file format

Each secret file to be deployed is now backed by one local file. This simplifies 'setup-secrets' and the secret definitions. Also, with the old format it was not possible to add new secrets to secrets.nix in a simple way. Old secrets are automatically converted to the new format when running nix-shell. Using the new option 'nix-bitcoin.secrets', secrets are now directly defined by the services that use them.
2020-01-12 20:52:38 +01:00
parent 314272a228
commit b1e13e9415
15 changed files with 151 additions and 152 deletions
--- a/shell.nix
+++ b/shell.nix
@@ -7,7 +7,7 @@ stdenv.mkDerivation rec {
  name = "nix-bitcoin-environment";

  nixops19_09 = callPackage ./pkgs/nixops {};
-  generate-secrets = callPackage ./pkgs/generate-secrets {};
+  make-secrets = callPackage ./pkgs/generate-secrets/update-and-generate.nix {};

  buildInputs = [ nixops19_09 figlet ];

@@ -19,6 +19,6 @@ stdenv.mkDerivation rec {
    # keys already added to my ssh-agent.
    export SSH_AUTH_SOCK=""
    figlet "nix-bitcoin"
-    (mkdir -p secrets; cd secrets; ${generate-secrets})
+    (mkdir -p secrets; cd secrets; ${make-secrets})
  '';
 }