From a4cce8a561d065c601e682aba52c7b6e0488bc30 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI
Date: Sat, 12 Jun 2021 20:12:19 +0200
Subject: [PATCH] secrets: clean-up 'default.nix'
---
 secrets/default.nix | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/secrets/default.nix b/secrets/default.nix
index 8c34abe..754483d 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -1,14 +1,18 @@
-{ lib, pkgs, ... }:
+{ lib, ... }:
 with lib;
 let
- canaryHash = builtins.hashFile "sha256" ./canary;
- expectedHash =
- "9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";
+ throwOnCanary =
+ let
+ canaryHash = builtins.hashFile "sha256" ./canary;
+ expectedHash =
+ "9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";
+ in
+ if canaryHash != expectedHash
+ then throw "Secrets are not readable. Have you run `git-crypt unlock`?"
+ else id;
 in
-if canaryHash != expectedHash then
- abort "Secrets are not readable. Have you run `git-crypt unlock`?"
-else {
+throwOnCanary {
 options.my.secrets = mkOption {
 type = types.attrs;
 };
@@ -50,6 +54,6 @@ else {
 root.hashedPassword = fileContents ./users/root/password.txt;
 };
- wireguard = pkgs.callPackage ./wireguard { };
+ wireguard = import ./wireguard { inherit lib; };
 };
 }
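Review bot: The guard inside `throwOnCanary` now fails with `throw` where the old code used `abort`, and the two are not equivalent for a fail-closed check. `throw` can be caught by `builtins.tryEval` and is silently skipped by commands that enumerate derivations, while `abort` is not. Nothing in this hunk wraps the module in `tryEval`, so evaluation presumably still stops. If the stronger guarantee is the intent, keeping `abort` on that one line is enough. Either way, a comment above `throwOnCanary` would record the purpose, for example `# Refuse to evaluate while ./canary is still git-crypt ciphertext, so encrypted blobs are never read as secret values`.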