author | Vincent Ambo <tazjin@google.com> | 2019-11-15T15·26+0000 |
---|---|---|
committer | Vincent Ambo <tazjin@google.com> | 2019-11-15T15·26+0000 |
commit | c1c379848a19a31de8febb1385c7b9e4d2a474a3 (patch) | |
tree | f019521edfb4590b6c59d84e77c422a21671ca89 /tools/kms_pass/default.nix | |
parent | 4d852e2ef73a0901a3426ae5ab93232b6a0a8ed2 (diff) |
chore(nix): Move files around to conform to new read-tree layout
Broadly speaking, the following things are included:

* there is now a uniform `args` struct that is passed to all derivations, package headers have been changed appropriately
* overrides are now loaded from a separate `override` folder just using read-tree.nix
* third-party packages have moved into the `third_party` attribute set
Diffstat (limited to 'tools/kms_pass/default.nix')
-rw-r--r-- | tools/kms_pass/default.nix | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/tools/kms_pass/default.nix b/tools/kms_pass/default.nix
index fbc17650a948..113db30224de 100644
--- a/tools/kms_pass/default.nix
+++ b/tools/kms_pass/default.nix
@@ -6,10 +6,10 @@
 #
 # Only the 'show' and 'insert' commands are supported.

-{ google-cloud-sdk, tree, writeShellScriptBin
-, project, region, keyring, key }:
+{ pkgs, kms, ... }:

-writeShellScriptBin "pass" ''
+let inherit (pkgs) google-cloud-sdk tree writeShellScriptBin;
+in writeShellScriptBin "pass" ''
 set -eo pipefail

 CMD="$1"
@@ -34,20 +34,20 @@ writeShellScriptBin "pass" ''
 show)
 secret_check
 ${google-cloud-sdk}/bin/gcloud kms decrypt \
- --project ${project} \
- --location ${region} \
- --keyring ${keyring} \
- --key ${key} \
+ --project ${kms.project} \
+ --location ${kms.region} \
+ --keyring ${kms.keyring} \
+ --key ${kms.key} \
 --ciphertext-file $SECRET_PATH \
 --plaintext-file -
 ;;
 insert)
 secret_check
 ${google-cloud-sdk}/bin/gcloud kms encrypt \
- --project ${project} \
- --location ${region} \
- --keyring ${keyring} \
- --key ${key} \
+ --project ${kms.project} \
+ --location ${kms.region} \
+ --keyring ${kms.keyring} \
+ --key ${kms.key} \
 --ciphertext-file $SECRET_PATH \
 --plaintext-file -
 echo "Inserted secret '$SECRET'" |
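Review bot: With the four explicit parameters removed from the header in the first hunk, nothing in the file says what `kms` must contain, and the `...` in `{ pkgs, kms, ... }:` means the function no longer rejects unexpected arguments. I would extend the header comment with a line such as `# Expects kms = { project, region, keyring, key }, naming the Cloud KMS key used by both commands.` so a reader can tell which key protects the secrets without tracing the shared argument set. The comment block begins above the hunk, so the exact placement is for the author to pick.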
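Review bot: The `kms.*` values in the second hunk are spliced into the generated shell script unquoted, in both the `gcloud kms decrypt` and `gcloud kms encrypt` invocations, so a value containing whitespace or shell metacharacters would alter the command instead of being passed as one argument. The values now appear to come from the shared `args` struct rather than this file's own parameters, so escaping at the point of use is worthwhile. Assuming `pkgs` exposes the nixpkgs `lib`, that would be `--project ${pkgs.lib.escapeShellArg kms.project} \`, and likewise for `--location`, `--keyring` and `--key`. The unchanged `--ciphertext-file $SECRET_PATH \` lines have the run-time equivalent of the same problem and should read `--ciphertext-file "$SECRET_PATH" \`; how `SECRET_PATH` is built lies outside the hunk.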