automatically import secrets into nixos

2023-08-23 11:58:12 +02:00
parent ed1d28f20b
commit 63bb9395fd
17 changed files with 196 additions and 7 deletions
--- a/checks/secrets/default.nix
+++ b/checks/secrets/default.nix
@@ -0,0 +1,16 @@
+(import ../lib/test-base.nix) {
+  name = "secrets";
+
+  nodes.machine = { self, config, ... }: {
+    imports = [
+      self.nixosModules.secrets
+    ];
+    environment.etc."secret".source = config.sops.secrets.foo.path;
+    sops.age.keyFile = ./key.age;
+    clan.sops.sopsDirectory = ./sops;
+    networking.hostName = "machine";
+  };
+  testScript = ''
+    machine.succeed("cat /etc/secret >&2")
+  '';
+}