This CL can be used to compare the style of nixpkgs-fmt against other formatters (nixpkgs, alejandra). Change-Id: I87c6abff6bcb546b02ead15ad0405f81e01b6d9e Reviewed-on: https://cl.tvl.fyi/c/depot/+/4397 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: wpcarro <wpcarro@gmail.com> Reviewed-by: Profpatsch <mail@profpatsch.de> Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: cynthia <cynthia@tvl.fyi> Reviewed-by: edef <edef@edef.eu> Reviewed-by: eta <tvl@eta.st> Reviewed-by: grfn <grfn@gws.fyi>
		
			
				
	
	
		
		
	
	
	
	
	
# Expose secrets as part of the tree, so that their paths can be
# validated at eval time.
#
# Note that the encrypted secrets end up in the world-readable Nix
# store. This is fine since they're publicly available anyways, but it
# means confidentiality rests entirely on the encryption: nothing
# unencrypted should ever be passed through this function.
{ depot, lib, ... }:

let
  yants = depot.nix.yants;

  # Shallow check: only requires the string to start with "ssh-". The
  # key material itself is not parsed or validated here.
  sshPubkey = yants.restrict "SSH pubkey" (lib.hasPrefix "ssh-") yants.string;

  # Shape of a single entry in the secrets attribute set: the list of
  # public keys associated with that secret.
  secretSpec = yants.struct "agenixSecret" {
    publicKeys = yants.list sshPubkey;
  };
in

yants.defun [ yants.path (yants.attrs secretSpec) (yants.attrs yants.any) ]
  (path: secrets:
  let
    # Interpolating `path` into a string imports it into the Nix store.
    # NOTE(review): when `path` is a directory, Nix copies the whole
    # directory, not only the files named in `secrets` -- confirm the
    # directory contains nothing but encrypted files.
    storePathFor = name: _: "${path}/${name}";
  in
  depot.nix.readTree.drvTargets (builtins.mapAttrs storePathFor secrets))