Compare commits
2 commits
d5e7ea14e7
...
0acececb31
Author | SHA1 | Date | |
---|---|---|---|
0acececb31 | |||
ea4b4b4a8e |
1 changed files with 0 additions and 22 deletions
22
default.nix
22
default.nix
|
@ -97,31 +97,11 @@ in
|
||||||
ln -snf ${terranixConfigFile} config.tf.json
|
ln -snf ${terranixConfigFile} config.tf.json
|
||||||
exec ${pkgs.lib.getExe pkgs.opentofu} "$@"
|
exec ${pkgs.lib.getExe pkgs.opentofu} "$@"
|
||||||
'')
|
'')
|
||||||
(pkgs.writeShellScriptBin "decryptAndSourceEnvironment" ''
|
|
||||||
set -eo pipefail
|
|
||||||
|
|
||||||
# TODO: don't hardcode me.
|
|
||||||
SECRET_FILE=".credentials/admin-environment.age"
|
|
||||||
IDENTITIES=()
|
|
||||||
for identity in [ "$HOME/.ssh/id_ed25519" "$HOME/.ssh/id_rsa" ]; do
|
|
||||||
test -r "$identity" || continue
|
|
||||||
IDENTITIES+=(-i)
|
|
||||||
IDENTITIES+=("$identity")
|
|
||||||
done
|
|
||||||
|
|
||||||
test "''${#IDENTITIES[@]}" -eq 0 && echo "[agenix-shell] WARNING: no readable identities found!"
|
|
||||||
|
|
||||||
test -f "$SECRET_FILE" || echo "[agenix-shell] WARNING: encrypted environment file $SECRET_FILE not found!"
|
|
||||||
export eval $(${pkgs.lib.getExe pkgs.rage} --decrypt "''${IDENTITIES[@]}" -o - $SECRET_FILE)
|
|
||||||
|
|
||||||
echo "[agenix-shell] Repository-wide secrets loaded in the environment."
|
|
||||||
'')
|
|
||||||
(pkgs.nixos-generators.overrideAttrs (_: {
|
(pkgs.nixos-generators.overrideAttrs (_: {
|
||||||
version = "1.8.0-unstable";
|
version = "1.8.0-unstable";
|
||||||
src = builtins.storePath sources.nixos-generators;
|
src = builtins.storePath sources.nixos-generators;
|
||||||
}))
|
}))
|
||||||
pkgs.npins
|
pkgs.npins
|
||||||
pkgs.rage
|
|
||||||
|
|
||||||
(pkgs.callPackage ./lib/colmena { inherit (nix-pkgs) colmena; })
|
(pkgs.callPackage ./lib/colmena { inherit (nix-pkgs) colmena; })
|
||||||
(pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
|
(pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
|
||||||
|
@ -131,8 +111,6 @@ in
|
||||||
|
|
||||||
shellHook = ''
|
shellHook = ''
|
||||||
${git-checks.shellHook}
|
${git-checks.shellHook}
|
||||||
# If we want to export these environments, we need to source it, not call it.
|
|
||||||
source $(which decryptAndSourceEnvironment)
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
preferLocalBuild = true;
|
preferLocalBuild = true;
|
||||||
|
|