22 lines
562 B
Nix
22 lines
562 B
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
let
|
|
hostname = config.instance.hostname;
|
|
has-secret-files = hasAttr "files" config.fudo.secrets;
|
|
try-attr = attr: set: if (hasAttr attr set) then set.${attr} else null;
|
|
|
|
in {
|
|
config = mkIf has-secret-files {
|
|
fudo.secrets.host-secrets.${hostname} = let
|
|
keytab-file = try-attr hostname config.fudo.secrets.files.host-keytabs;
|
|
in mkIf (keytab-file != null) {
|
|
host-keytab = {
|
|
source-file = keytab-file;
|
|
target-file = "/etc/krb5.keytab";
|
|
user = "root";
|
|
};
|
|
};
|
|
};
|
|
}
|