ambroisie/nix-config
ambroisie/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

home: secrets: clean-up 'default.nix'

Browse source
This commit is contained in:
Bruno BELANYI 2021-06-12 20:35:28 +02:00
parent a4cce8a561
commit ecae28a72f
1 changed files with 10 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
home/secrets/default.nix
View file

@ -1,14 +1,18 @@
{ lib, ... }: { lib, ... }:
with lib; with lib;
let
throwOnCanary =
let let
canaryHash = builtins.hashFile "sha256" ./canary; canaryHash = builtins.hashFile "sha256" ./canary;
expectedHash = expectedHash =
"9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab"; "9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";
in in
if canaryHash != expectedHash then if canaryHash != expectedHash
abort "Secrets are not readable. Have you run `git-crypt unlock`?" then throw "Secrets are not readable. Have you run `git-crypt unlock`?"
else { else id;
in
throwOnCanary {
options.my.secrets = mkOption { options.my.secrets = mkOption {
type = types.attrs; type = types.attrs;
}; };