home-manager/modules/programs/awscli.nix
2024-05-20 23:51:08 +01:00


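# Home Manager module for the AWS CLI. It installs the package and renders
# `programs.awscli.settings` / `programs.awscli.credentials` as INI files.
#
# Security note: both files are produced with `iniFormat.generate`, so their
# contents are built into the Nix store, which is readable by every local user
# and is copied along with the closure. Nothing secret may be placed in either
# attribute set; `credentials` should only name a `credential_process` helper
# or rely on AWS IAM Identity Center (see the option description below).
{ config, lib, pkgs, ... }:
let
  cfg = config.programs.awscli;
  iniFormat = pkgs.formats.ini { };

  # Type shared by `settings` and `credentials`: free-form INI sections plus
  # one declared `path` option. Declaring `path` gives it a default of "", so
  # reading it never fails on a missing attribute, and keeps it out of the
  # INI freeform type (where every top-level value must be a section).
  mkIniFileType = { defaultFile, envVar }:
    lib.types.submodule {
      freeformType = iniFormat.type;
      options.path = lib.mkOption {
        type = lib.types.str;
        default = "";
        description = ''
          Location of the generated file. When empty, the file is written to
          {file}`${defaultFile}`; otherwise it is written to this path and
          {env}`${envVar}` is exported in the session.
        '';
      };
    };

  # INI payloads only: `path` is module metadata and must not be rendered as
  # a section, nor make an otherwise empty configuration look non-empty.
  iniSettings = removeAttrs cfg.settings [ "path" ];
  iniCredentials = removeAttrs cfg.credentials [ "path" ];

  # NOTE(review): `home.file` targets are normally resolved relative to the
  # home directory — confirm how a custom path outside of it is handled.
  settingsPath =
    if cfg.settings.path != ""
    then cfg.settings.path
    else "${config.home.homeDirectory}/.aws/config";
  credentialsPath =
    if cfg.credentials.path != ""
    then cfg.credentials.path
    else "${config.home.homeDirectory}/.aws/credentials";

  # Profiles that carry static key material. Only attribute names are
  # inspected, so the values themselves are never forced.
  staticSecretProfiles = lib.attrNames (lib.filterAttrs
    (_: section:
      builtins.isAttrs section
      && (section ? aws_secret_access_key || section ? aws_session_token))
    iniCredentials);
in {
  meta.maintainers = [ lib.maintainers.anthonyroussel ];

  options.programs.awscli = {
    enable = lib.mkEnableOption "AWS CLI tool";

    package = lib.mkOption {
      type = lib.types.package;
      default = pkgs.awscli2;
      defaultText = lib.literalExpression "pkgs.awscli2";
      description = "Package providing {command}`aws`.";
    };

    settings = lib.mkOption {
      type = mkIniFileType {
        defaultFile = "$HOME/.aws/config";
        envVar = "AWS_CONFIG_FILE";
      };
      default = { };
      example = lib.literalExpression ''
        {
          "default" = {
            region = "eu-west-3";
            output = "json";
          };
        };
      '';
      description = "Configuration written to {file}`$HOME/.aws/config`.";
    };

    credentials = lib.mkOption {
      type = mkIniFileType {
        defaultFile = "$HOME/.aws/credentials";
        envVar = "AWS_SHARED_CREDENTIALS_FILE";
      };
      default = { };
      # `''${` keeps the interpolation literal, so the rendered example shows
      # the expression instead of evaluating `pkgs.pass` to a store path.
      example = lib.literalExpression ''
        {
          "default" = {
            "credential_process" = "''${pkgs.pass}/bin/pass show aws";
          };
        };
      '';
      description = ''
        Configuration written to {file}`$HOME/.aws/credentials`.
        For security reasons, never store cleartext passwords here.
        We recommend that you use `credential_process` option to retrieve
        the IAM credentials from your favorite password manager during runtime,
        or use AWS IAM Identity Center to get short-term credentials.
        See <https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-authentication.html>.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    home.packages = [ cfg.package ];

    # Surface static keys at evaluation time: anything in `credentials` ends
    # up in a world-readable store path, regardless of the link target.
    warnings = lib.optional (staticSecretProfiles != [ ]) ''
      programs.awscli.credentials: profile(s) ${
        lib.concatStringsSep ", " staticSecretProfiles
      } define aws_secret_access_key or aws_session_token.
      The generated credentials file is stored in the world-readable Nix store;
      use credential_process or AWS IAM Identity Center instead.
    '';

    # mkMerge rather than `//`: `//` on two mkIf results merges the mkIf
    # wrapper attribute sets themselves, so only the right-hand definition
    # would survive and AWS_CONFIG_FILE would never be exported.
    home.sessionVariables = lib.mkMerge [
      (lib.mkIf (cfg.settings.path != "") {
        AWS_CONFIG_FILE = cfg.settings.path;
      })
      (lib.mkIf (cfg.credentials.path != "") {
        AWS_SHARED_CREDENTIALS_FILE = cfg.credentials.path;
      })
    ];

    # Dynamic attribute names use string interpolation; `home.file.(expr)`
    # is not valid Nix syntax.
    home.file."${settingsPath}" = lib.mkIf (iniSettings != { }) {
      source = iniFormat.generate "aws-config-${config.home.username}"
        iniSettings;
    };

    home.file."${credentialsPath}" = lib.mkIf (iniCredentials != { }) {
      source = iniFormat.generate "aws-credentials-${config.home.username}"
        iniCredentials;
    };
  };
}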