Diffstat (limited to 'flake.nix')
-rw-r--r--flake.nix67
1 files changed, 16 insertions, 51 deletions
diff --git a/flake.nix b/flake.nix
index d92dda5..51a4f78 100644
--- a/flake.nix
+++ b/flake.nix
@@ -8,54 +8,8 @@
supportedSystems = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
forAllSystems = f: nixpkgs.lib.genAttrs supportedSystems (system: f system);
in {
- nixosModules.localsecrets =
- { config, pkgs, lib, ... }:
- let
- types = lib.types;
- cfg = config.localsecrets;
- keyOpts = {name, ...}: {
- options = {
- generate = lib.mkOption {
- type = types.str;
- };
- generatePublic = lib.mkOption {
- type = types.nullOr types.str;
- };
-
- path = lib.mkOption {
- type = types.str;
- default = "/var/lib/localsecrets/${name}";
- };
-
- publicPath = lib.mkOption {
- type = types.str;
- default = ./. + "/public_keys/${name}";
- };
- };
- };
- in
- {
- options = {
- localsecrets = {
- enable = lib.mkEnableOption "Deploy localsecrets";
- secrets = lib.mkOption {
- type = types.attrsOf (types.submodule keyOpts);
- default = [];
- };
- };
- };
- config = {
- environment.systemPackages = [
- (
- pkgs.writeScriptBin "localsecrets" ''
- echo "Secrets I know about:"
- ${lib.concatMapStrings (secret: "echo ${secret.path}\n") (lib.attrValues cfg.secrets)}
- ''
- )
- ];
- };
- };
+ nixosModules.localsecrets = import ./modules/localsecrets;
checks = forAllSystems (system: {
test =
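Review bot: The one-line `import ./modules/localsecrets` replaces the inline option definitions, so nothing in flake.nix any longer says what a secret's options are or where its output lands, and the new module file is not part of this diff; the only description of the new contract is the test in the second hunk (a `generator` script that writes `private/` and `public/` into its working directory, installed under `/var/lib/localsecrets/private/<name>` and `/var/lib/localsecrets/public/<name>`). A comment on the import line would spare readers from reverse-engineering that from the test, for example `# Secret options are defined in modules/localsecrets; each secret's generator script` / `# is run with a scratch cwd and its ./private and ./public outputs are installed (see the test below).` The old `generate`/`generatePublic` option names are gone with this change, so any downstream configuration using them breaks at evaluation time; worth a mention in the commit description if that is intended. The enclosing `checks` attribute continues into the next hunk.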
@@ -65,18 +19,29 @@
};
in
testing.makeTest {
- nodes.client = { ... }: {
+ nodes.client = { pkgs, lib, ... }: {
imports = [ self.nixosModules.localsecrets ];
localsecrets.enable = true;
localsecrets.secrets.test-secret = {
- generate = "echo hello";
- generatePublic = "echo world";
+ generator = pkgs.writeScript "test-secret.sh" ''
+ #! ${pkgs.bash}/bin/bash
+ PATH=${lib.makeBinPath (with pkgs; [ coreutils ])}
+ mkdir -p private public
+ echo hello > private/key.private
+ echo world > public/key.public
+ '';
};
};
testScript = ''
start_all()
- client.succeed("localsecrets")
+ client.wait_for_unit("multi-user.target")
+ private = "/var/lib/localsecrets/private/test-secret/key.private"
+ public = "/var/lib/localsecrets/public/test-secret/key.public"
+ client.succeed("grep hello {}".format(private))
+ client.fail("sudo -u nobody cat {}".format(private))
+ client.succeed("grep world {}".format(public))
+ client.succeed("sudo -u nobody cat {}".format(public))
'';
};
});
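Review bot: The confidentiality check `client.fail("sudo -u nobody cat {}".format(private))` accepts any non-zero exit, so it would also pass if `sudo` were missing from the image or refused the switch to `nobody` for a reason unrelated to file permissions; it does not demonstrate that the private key is actually restricted. Pinning the mode and owner the module is expected to set is the stronger assertion, e.g. `assert client.succeed("stat -c '%a:%U' {}".format(private)).strip() == "<EXPECTED_MODE>:root"` with the mode taken from modules/localsecrets, and the same for the parent directory `/var/lib/localsecrets/private/test-secret`, since a permissive directory plus a permissive file is what would leak. Keeping the `sudo -u nobody` line as a second check is fine, but on its own it should not be the only evidence. The `grep` lines before it already establish that both files exist, so the ordering of the checks is right.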