nix-config/home/secrets/default.nix

{ lib, ... }:

with lib;
let
  throwOnCanary =
    let
      canaryHash = builtins.hashFile "sha256" ./canary;
      expectedHash =
        "9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";
    in
    if canaryHash != expectedHash
    then throw "Secrets are not readable. Have you run `git-crypt unlock`?"
    else id;
in
throwOnCanary {
  options.my.secrets = mkOption {
    type =
      let
        valueType = with types; oneOf [
          int
          str
          (attrsOf valueType)
        ];
      in
      valueType;
  };

  config.my.secrets = {
    # Home-manager secrets go here
  };
}
home: secrets: remove unused 'pkgs' attribute 2021-03-08 19:59:22 +01:00			`{ lib, ... }:`
home: add home-manager specific secrets module 2021-02-20 16:20:27 +01:00
			`with lib;`
			`let`
home: secrets: clean-up 'default.nix' 2021-06-12 20:35:28 +02:00			`throwOnCanary =`
			`let`
			`canaryHash = builtins.hashFile "sha256" ./canary;`
			`expectedHash =`
			`"9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";`
			`in`
			`if canaryHash != expectedHash`
			then throw "Secrets are not readable. Have you run `git-crypt unlock`?"
			`else id;`
home: add home-manager specific secrets module 2021-02-20 16:20:27 +01:00			`in`
home: secrets: clean-up 'default.nix' 2021-06-12 20:35:28 +02:00			`throwOnCanary {`
home: add home-manager specific secrets module 2021-02-20 16:20:27 +01:00			`options.my.secrets = mkOption {`
home: secrets: use more specific type I will amend it if I need more types, but for now this is fine. 2021-06-27 19:48:42 +02:00			`type =`
			`let`
			`valueType = with types; oneOf [`
			`int`
			`str`
			`(attrsOf valueType)`
			`];`
			`in`
			`valueType;`
home: add home-manager specific secrets module 2021-02-20 16:20:27 +01:00			`};`

			`config.my.secrets = {`
			`# Home-manager secrets go here`
			`};`
			`}`