From ecae28a72fcb81e6078a86a61b562cc970d5043a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Jun 2021 20:35:28 +0200 Subject: [PATCH] home: secrets: clean-up 'default.nix' --- home/secrets/default.nix | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/home/secrets/default.nix b/home/secrets/default.nix index 3624472..ac0e5b5 100644 --- a/home/secrets/default.nix +++ b/home/secrets/default.nix @@ -2,13 +2,17 @@ with lib; let - canaryHash = builtins.hashFile "sha256" ./canary; - expectedHash = - "9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab"; + throwOnCanary = + let + canaryHash = builtins.hashFile "sha256" ./canary; + expectedHash = + "9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab"; + in + if canaryHash != expectedHash + then throw "Secrets are not readable. Have you run `git-crypt unlock`?" + else id; in -if canaryHash != expectedHash then - abort "Secrets are not readable. Have you run `git-crypt unlock`?" -else { +throwOnCanary { options.my.secrets = mkOption { type = types.attrs; };