From e319eaf09f5c9d818307194ff2d7801125dbf344 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Jun 2021 19:29:38 +0200 Subject: [PATCH 1/4] pkgs: bw-pass: fix 'meta.platforms' This makes use of 'keyutils' which only works on Linux. --- pkgs/bw-pass/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/bw-pass/default.nix b/pkgs/bw-pass/default.nix index a5297d5..6f27bd3 100644 --- a/pkgs/bw-pass/default.nix +++ b/pkgs/bw-pass/default.nix @@ -39,7 +39,7 @@ stdenvNoCC.mkDerivation rec { description = "A simple script to query a password from bitwarden"; homepage = "https://gitea.belanyi.fr/ambroisie/nix-config"; license = with licenses; [ mit ]; - platforms = platforms.unix; + platforms = platforms.linux; maintainers = with maintainers; [ ambroisie ]; }; } From cd1173d2f6a596a60d604af79dd088b304b2ac33 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Jun 2021 19:55:54 +0200 Subject: [PATCH 2/4] flake: filter 'packages' on system --- flake.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index b11dbed..b7fd152 100644 --- a/flake.nix +++ b/flake.nix @@ -135,7 +135,13 @@ inherit (self.checks.${system}.pre-commit) shellHook; }; - packages = import ./pkgs { inherit pkgs; }; + packages = + let + packages = import ./pkgs { inherit pkgs; }; + isSystem = pkg: builtins.elem system pkg.meta.platforms; + finalPackages = lib.flip lib.filterAttrs packages (_: isSystem); + in + finalPackages; }) // { overlay = self.overlays.pkgs; From f8325cc9c73ac8b2459f54ffd64670ce96149571 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Jun 2021 20:12:19 +0200 Subject: [PATCH 3/4] secrets: clean-up 'default.nix' --- secrets/default.nix | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/secrets/default.nix b/secrets/default.nix index 8c34abe..754483d 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -1,14 +1,18 @@ -{ lib, pkgs, ... }: +{ lib, ... }: with lib; let - canaryHash = builtins.hashFile "sha256" ./canary; - expectedHash = - "9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab"; + throwOnCanary = + let + canaryHash = builtins.hashFile "sha256" ./canary; + expectedHash = + "9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab"; + in + if canaryHash != expectedHash + then throw "Secrets are not readable. Have you run `git-crypt unlock`?" + else id; in -if canaryHash != expectedHash then - abort "Secrets are not readable. Have you run `git-crypt unlock`?" -else { +throwOnCanary { options.my.secrets = mkOption { type = types.attrs; }; @@ -50,6 +54,6 @@ else { root.hashedPassword = fileContents ./users/root/password.txt; }; - wireguard = pkgs.callPackage ./wireguard { }; + wireguard = import ./wireguard { inherit lib; }; }; } From 3a471433ed2005c2ebc61b84c9c441d68eac2c37 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 12 Jun 2021 20:35:28 +0200 Subject: [PATCH 4/4] home: secrets: clean-up 'default.nix' --- home/secrets/default.nix | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/home/secrets/default.nix b/home/secrets/default.nix index 3624472..ac0e5b5 100644 --- a/home/secrets/default.nix +++ b/home/secrets/default.nix @@ -2,13 +2,17 @@ with lib; let - canaryHash = builtins.hashFile "sha256" ./canary; - expectedHash = - "9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab"; + throwOnCanary = + let + canaryHash = builtins.hashFile "sha256" ./canary; + expectedHash = + "9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab"; + in + if canaryHash != expectedHash + then throw "Secrets are not readable. Have you run `git-crypt unlock`?" + else id; in -if canaryHash != expectedHash then - abort "Secrets are not readable. Have you run `git-crypt unlock`?" -else { +throwOnCanary { options.my.secrets = mkOption { type = types.attrs; };