secrets: clean-up 'default.nix'

2021-06-12 20:12:19 +02:00 · 2021-06-12 20:12:19 +02:00 · f8325cc9c7
parent cd1173d2f6
commit f8325cc9c7
1 changed files with 12 additions and 8 deletions
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -1,14 +1,18 @@
-{ lib, pkgs, ... }:
+{ lib, ... }:

 with lib;
 let
-  canaryHash = builtins.hashFile "sha256" ./canary;
-  expectedHash =
-    "9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";
+  throwOnCanary =
+    let
+      canaryHash = builtins.hashFile "sha256" ./canary;
+      expectedHash =
+        "9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";
+    in
+    if canaryHash != expectedHash
+    then throw "Secrets are not readable. Have you run `git-crypt unlock`?"
+    else id;
 in
-if canaryHash != expectedHash then
-  abort "Secrets are not readable. Have you run `git-crypt unlock`?"
-else {
+throwOnCanary {
  options.my.secrets = mkOption {
    type = types.attrs;
  };
@ -50,6 +54,6 @@ else {
      root.hashedPassword = fileContents ./users/root/password.txt;
    };

-    wireguard = pkgs.callPackage ./wireguard { };
+    wireguard = import ./wireguard { inherit lib; };
  };
 }