32 lines
619 B
Nix
32 lines
619 B
Nix
{ lib, ... }:
|
|
|
|
with lib;
|
|
let
|
|
throwOnCanary =
|
|
let
|
|
canaryHash = builtins.hashFile "sha256" ./canary;
|
|
expectedHash =
|
|
"9df8c065663197b5a1095122d48e140d3677d860343256abd5ab6e4fb4c696ab";
|
|
in
|
|
if canaryHash != expectedHash
|
|
then throw "Secrets are not readable. Have you run `git-crypt unlock`?"
|
|
else id;
|
|
in
|
|
throwOnCanary {
|
|
options.my.secrets = mkOption {
|
|
type =
|
|
let
|
|
valueType = with types; oneOf [
|
|
int
|
|
str
|
|
(attrsOf valueType)
|
|
];
|
|
in
|
|
valueType;
|
|
};
|
|
|
|
config.my.secrets = {
|
|
# Home-manager secrets go here
|
|
};
|
|
}
|