phoebe/lib/keys.nix

# Functions for working with NixOps keys.
{ lib, ... }:

with lib;

let
  # Where NixOps stores keys:
  keyDirectory = "/run/keys/";

  # Generate a service name:
  mkServiceName = path:
    replaceStrings ["/"] ["-"]
      (removePrefix keyDirectory path + "-key.service");

  funcs = rec {

    /* Test to see if a file path is a NixOps managed key.

       Example:
         isKeyFile "/run/keys/foo"
         => true
         isKeyFile "/etc/passwd"
         => false
    */
    isKeyFile = path:
      if path == null
        then false
        else hasPrefix keyDirectory path;

    /* Returns an array containing a systemd service name that can be
       used to add a 'wants' or 'after' entry for a NixOps key.

       Example:
         keyService "/run/keys/foo"
         => ["foo.service"]
         keyService "/etc/passwd"
         => []
    */
    keyService = path: optional (isKeyFile path) (mkServiceName path);

  };

in funcs
Automatically depending on NixOps key services, new Rails sourcedFile option * Services that need password files will automatically depend on the appropriate NixOps key service as necessary. * New `sourcedFile` option for Rails applications to load a Bash script just before starting the Rails service. Useful for setting secret environment variables. 2019-01-03 14:33:38 -07:00			`# Functions for working with NixOps keys.`
rails: Support background workers and other Rails services/workers The new `services' option is used to request additional processes be run in the background with the same environment as the main Rails process. 2019-01-04 11:17:40 -07:00			`{ lib, ... }:`
Automatically depending on NixOps key services, new Rails sourcedFile option * Services that need password files will automatically depend on the appropriate NixOps key service as necessary. * New `sourcedFile` option for Rails applications to load a Bash script just before starting the Rails service. Useful for setting secret environment variables. 2019-01-03 14:33:38 -07:00
			`with lib;`

			`let`
			`# Where NixOps stores keys:`
			`keyDirectory = "/run/keys/";`

			`# Generate a service name:`
			`mkServiceName = path:`
			`replaceStrings ["/"] ["-"]`
			`(removePrefix keyDirectory path + "-key.service");`

			`funcs = rec {`

			`/* Test to see if a file path is a NixOps managed key.`

			`Example:`
			`isKeyFile "/run/keys/foo"`
			`=> true`
			`isKeyFile "/etc/passwd"`
			`=> false`
			`*/`
			`isKeyFile = path:`
			`if path == null`
			`then false`
			`else hasPrefix keyDirectory path;`

			`/* Returns an array containing a systemd service name that can be`
			`used to add a 'wants' or 'after' entry for a NixOps key.`

			`Example:`
			`keyService "/run/keys/foo"`
			`=> ["foo.service"]`
			`keyService "/etc/passwd"`
			`=> []`
			`*/`
			`keyService = path: optional (isKeyFile path) (mkServiceName path);`

			`};`

			`in funcs`