3 files changed, 33 insertions, 7 deletions

diff --git a/krebs/5pkgs/simple/populate/default.nix b/krebs/5pkgs/simple/populate/default.nix
index 0880b1d38..62e3ab216 100644
--- a/krebs/5pkgs/simple/populate/default.nix
+++ b/krebs/5pkgs/simple/populate/default.nix
@@ -1,24 +1,27 @@
-{ coreutils, fetchgit, git, gnused, jq, openssh, rsync, stdenv, ... }:
+{ coreutils, fetchgit, findutils, git, gnused, jq, openssh, pass, rsync, stdenv
+}:
 
 let
   PATH = stdenv.lib.makeBinPath [
     coreutils
+    findutils
     git
     gnused
     jq
     openssh
+    pass
     rsync
   ];
 in
 
 stdenv.mkDerivation rec {
   name = "populate";
-  version = "2.0.0";
+  version = "2.1.0";
 
   src = fetchgit {
     url = http://cgit.ni.krebsco.de/populate;
     rev = "refs/tags/v${version}";
-    sha256 = "01cvrg3m2ypg59in1qlr3rd8yzpf002k6pzjls2qb68jwkyf0h2n";
+    sha256 = "0cr50y6h6nps0qgpmi01h0z9wzpv2704y5zgx2salk1grkmvcfmh";
   };
 
   phases = [
diff --git a/krebs/source.nix b/krebs/source.nix
index 73e216900..8fbdce284 100644
--- a/krebs/source.nix
+++ b/krebs/source.nix
@@ -7,9 +7,12 @@ host@{ name, secure ? false }: let
 in
   evalSource (toString _file) {
     nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix";
-    secrets.file = getAttr builder {
-      buildbot = toString <stockholm/krebs/6tests/data/secrets>;
-      krebs = "${getEnv "HOME"}/secrets/krebs/${host.name}";
+    secrets = getAttr builder {
+      buildbot.file = toString <stockholm/krebs/6tests/data/secrets>;
+      krebs.pass = {
+        dir = "${getEnv "HOME"}/brain";
+        name = "krebs-secrets/${name}";
+      };
     };
     stockholm.file = toString <stockholm>;
     nixpkgs.git = {
diff --git a/lib/types.nix b/lib/types.nix
index c3b14d807..b85794925 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -231,7 +231,12 @@ rec {
   source = submodule ({ config, ... }: {
     options = {
       type = let
-        types = ["file" "git" "symlink"];
+        types = [
+          "file"
+          "git"
+          "pass"
+          "symlink"
+        ];
       in mkOption {
         type = enum types;
         default = let
@@ -255,6 +260,10 @@ rec {
         type = nullOr git-source;
         default = null;
       };
+      pass = mkOption {
+        type = nullOr pass-source;
+        default = null;
+      };
       symlink = let
         symlink-target = (symlink-source.getSubOptions "FIXME").target.type;
       in mkOption {
@@ -287,6 +296,17 @@ rec {
     };
   };
 
+  pass-source = submodule {
+    options = {
+      dir = mkOption {
+        type = absolute-pathname;
+      };
+      name = mkOption {
+        type = pathname; # TODO relative-pathname
+      };
+    };
+  };
+
   symlink-source = submodule {
     options = {
       target = mkOption {