path: root/ops/secrets/mkSecrets.nix
# Expose secrets as part of the tree, making it possible to validate
# their paths at eval time: the `path + "/${name}"` interpolation below
# is a Nix path expression, which Nix has to resolve (and copy to the
# store) during evaluation, so a missing file surfaces there rather
# than at deploy time.
#
# Note that encrypted secrets end up in the Nix store, but this is
# fine since they're publicly available anyway. The copy is verbatim,
# so every file named in `secrets` must already be ciphertext: the
# store is world-readable and adds no protection of its own.
{ depot, pkgs, ... }:
path: secrets:

let
  # Copy a single secret file from `path` into the store under its own
  # name. What the shell sees is the store path Nix produced for the
  # path expression, not a raw caller-supplied string.
  declareSecret = name: pkgs.runCommandNoCC name {} ''
    cp ${path + "/${name}"} $out
  '';

  # One derivation per attribute of `secrets`; only the attribute names
  # are consulted, the values are ignored.
  secretDrvs = builtins.mapAttrs (name: _: declareSecret name) secrets;
in
depot.nix.readTree.drvTargets secretDrvs