Compare commits

...

4 commits

Author SHA1 Message Date
Bruno BELANYI 3a471433ed home: secrets: clean-up 'default.nix'
All checks were successful
continuous-integration/drone/push Build is passing
2021-06-12 20:35:28 +02:00
Bruno BELANYI f8325cc9c7 secrets: clean-up 'default.nix' 2021-06-12 20:35:06 +02:00
Bruno BELANYI cd1173d2f6 flake: filter 'packages' on system 2021-06-12 19:56:17 +02:00
Bruno BELANYI e319eaf09f pkgs: bw-pass: fix 'meta.platforms'
This makes use of 'keyutils' which only works on Linux.
2021-06-12 19:30:25 +02:00
4 changed files with 30 additions and 16 deletions

View file

@ -135,7 +135,13 @@
inherit (self.checks.${system}.pre-commit) shellHook;
};
packages =
let
packages = import ./pkgs { inherit pkgs; };
isSystem = pkg: builtins.elem system pkg.meta.platforms;
finalPackages = lib.flip lib.filterAttrs packages (_: isSystem);
in
finalPackages;
}) // {
overlay = self.overlays.pkgs;

View file

@ -2,13 +2,17 @@
with lib;
let
throwOnCanary =
let
canaryHash = builtins.hashFile "sha256" ./canary;
expectedHash =
"9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";
in
if canaryHash != expectedHash
then throw "Secrets are not readable. Have you run `git-crypt unlock`?"
else id;
in
if canaryHash != expectedHash then
abort "Secrets are not readable. Have you run `git-crypt unlock`?"
else {
throwOnCanary {
options.my.secrets = mkOption {
type = types.attrs;
};

View file

@ -39,7 +39,7 @@ stdenvNoCC.mkDerivation rec {
description = "A simple script to query a password from bitwarden";
homepage = "https://gitea.belanyi.fr/ambroisie/nix-config";
license = with licenses; [ mit ];
platforms = platforms.unix;
platforms = platforms.linux;
maintainers = with maintainers; [ ambroisie ];
};
}

View file

@ -1,14 +1,18 @@
{ lib, pkgs, ... }:
{ lib, ... }:
with lib;
let
throwOnCanary =
let
canaryHash = builtins.hashFile "sha256" ./canary;
expectedHash =
"9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";
in
if canaryHash != expectedHash
then throw "Secrets are not readable. Have you run `git-crypt unlock`?"
else id;
in
if canaryHash != expectedHash then
abort "Secrets are not readable. Have you run `git-crypt unlock`?"
else {
throwOnCanary {
options.my.secrets = mkOption {
type = types.attrs;
};
@ -50,6 +54,6 @@ else {
root.hashedPassword = fileContents ./users/root/password.txt;
};
wireguard = pkgs.callPackage ./wireguard { };
wireguard = import ./wireguard { inherit lib; };
};
}