From 44cbc123e6c5f6e973bfa62047c4a818191154bc Mon Sep 17 00:00:00 2001
From: Bruno BELANYI
Date: Sat, 20 Feb 2021 15:20:27 +0000
Subject: [PATCH] home: add home-manager specific secrets module
---
 home/default.nix | 1 +
 home/secrets/.gitattributes | 3 +++
 home/secrets/canary | Bin 0 -> 32 bytes
 home/secrets/default.nix | 19 +++++++++++++++++++
 4 files changed, 23 insertions(+)
 create mode 100644 home/secrets/.gitattributes
 create mode 100644 home/secrets/canary
 create mode 100644 home/secrets/default.nix
diff --git a/home/default.nix b/home/default.nix
index b58e01e..c29a07c 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -8,6 +8,7 @@
 ./jq.nix
 ./packages.nix
 ./pager.nix
+ ./secrets # Home-manager specific secrets
 ./tmux.nix
 ./zsh
 ];
diff --git a/home/secrets/.gitattributes b/home/secrets/.gitattributes
new file mode 100644
index 0000000..a741d4d
--- /dev/null
+++ b/home/secrets/.gitattributes
@@ -0,0 +1,3 @@
+* filter=git-crypt diff=git-crypt
+.gitattributes !filter !diff
+/default.nix !filter !diff
diff --git a/home/secrets/canary b/home/secrets/canary
new file mode 100644
index 0000000000000000000000000000000000000000..e910ea3aafe746337b1ea57a9ff37d62d58d350f
GIT binary patch
literal 32
ocmZQ@_Y83kiVO&0c*b>ed6DJsmgBoNPv87j#HqYCqGs6~0N0cb+yDRo
literal 0
HcmV?d00001
diff --git a/home/secrets/default.nix b/home/secrets/default.nix
new file mode 100644
index 0000000..356c213
--- /dev/null
+++ b/home/secrets/default.nix
@@ -0,0 +1,19 @@
+{ lib, pkgs, ... }:
+
+with lib;
+let
+ canaryHash = builtins.hashFile "sha256" ./canary;
+ expectedHash =
+ "9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";
+in
+if canaryHash != expectedHash then
+ abort "Secrets are not readable. Have you run `git-crypt unlock`?"
+else {
+ options.my.secrets = mkOption {
+ type = types.attrs;
+ };
+
+ config.my.secrets = {
+ # Home-manager secrets go here
+ };
+}
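Review bot: `/default.nix !filter !diff` keeps `home/secrets/default.nix` in cleartext in the repository, while the placeholder `# Home-manager secrets go here` in the default.nix hunk invites pasting values into exactly that file. The exemption looks deliberate, since the canary check has to evaluate on a locked checkout, but nothing in the patch says so. I would add `# default.nix is deliberately unencrypted so the canary check can run before unlock; never put secret values in it` above the exemption, and reword the placeholder to `# Reference values from git-crypt-encrypted files in this directory; never inline them here`. Running `git-crypt status` before pushing confirms which files under `home/secrets/` are actually encrypted.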
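Review bot: The `my.secrets` option is declared without a `description`, and the caveat a user most needs is missing: git-crypt protects these values only inside the git repository. Any value that a home-manager module writes into a generated file is copied into the Nix store, which every local user can read; no consumer of `my.secrets` is visible in this patch, so this may not apply yet. I would document it on the option, for example `description = "Values decrypted by git-crypt; anything interpolated into a generated file ends up world-readable in the Nix store.";`. Separately, `types.attrs` does not merge nested definitions, so `types.attrsOf types.anything` is worth considering, where the pinned nixpkgs provides it, if a second module ever sets `my.secrets`.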