home: secrets: clean-up 'default.nix'
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
f8325cc9c7
commit
3a471433ed
|
@ -1,14 +1,18 @@
|
||||||
{ lib, ... }:
|
{ lib, ... }:
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
|
let
|
||||||
|
throwOnCanary =
|
||||||
let
|
let
|
||||||
canaryHash = builtins.hashFile "sha256" ./canary;
|
canaryHash = builtins.hashFile "sha256" ./canary;
|
||||||
expectedHash =
|
expectedHash =
|
||||||
"9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";
|
"9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";
|
||||||
in
|
in
|
||||||
if canaryHash != expectedHash then
|
if canaryHash != expectedHash
|
||||||
abort "Secrets are not readable. Have you run `git-crypt unlock`?"
|
then throw "Secrets are not readable. Have you run `git-crypt unlock`?"
|
||||||
else {
|
else id;
|
||||||
|
in
|
||||||
|
throwOnCanary {
|
||||||
options.my.secrets = mkOption {
|
options.my.secrets = mkOption {
|
||||||
type = types.attrs;
|
type = types.attrs;
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue