mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-11-22 08:04:20 +01:00
Add very ugly wrapper around nix for secret
Signed-off-by: magic_rb <richard@brezak.sk>
This commit is contained in:
parent
9e9c65dd59
commit
7968f1a15c
2339
flake-secret.lock
Normal file
2339
flake-secret.lock
Normal file
File diff suppressed because it is too large
Load diff
|
|
@ -2008,9 +2008,9 @@
|
||||||
"secret": {
|
"secret": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696715022,
|
"lastModified": 1697718975,
|
||||||
"narHash": "sha256-FsZub6K05+rrJfziI78OBMyZ/loXrbl1LgN4vjMTPyc=",
|
"narHash": "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo=",
|
||||||
"path": "/home/main/dotfiles/secret",
|
"path": "/var/empty",
|
||||||
"type": "path"
|
"type": "path"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
||||||
64
flake.nix
64
flake.nix
|
|
@ -244,19 +244,81 @@
|
||||||
"
|
"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nix-wrapped = pkgs.writeShellScriptBin "nix" ''
|
||||||
|
pre_lock_hash="$(sha256sum flake-secret.lock | cut -f1 -d' ')"
|
||||||
|
new_args=()
|
||||||
|
i="0"
|
||||||
|
|
||||||
|
flake=0
|
||||||
|
|
||||||
|
for arg in "$@" ; do
|
||||||
|
case "$arg" in
|
||||||
|
build|eval)
|
||||||
|
new_args[$i]="$arg"
|
||||||
|
new_args[$(($i + 1))]="--reference-lock-file"
|
||||||
|
new_args[$(($i + 2))]="flake-secret.lock"
|
||||||
|
new_args[$(($i + 3))]="--output-lock-file"
|
||||||
|
new_args[$(($i + 4))]="flake-secret.lock"
|
||||||
|
i="$(($i + 5))"
|
||||||
|
;;
|
||||||
|
flake)
|
||||||
|
new_args[$i]="$arg"
|
||||||
|
i="$(($i + 1))"
|
||||||
|
flake=1
|
||||||
|
;;
|
||||||
|
--*|-*)
|
||||||
|
new_args[$i]="$arg"
|
||||||
|
i="$(($i + 1))"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
if [[ "$flake" == "1" ]] ; then
|
||||||
|
new_args[$i]="$arg"
|
||||||
|
new_args[$(($i + 1))]="--reference-lock-file"
|
||||||
|
new_args[$(($i + 2))]="flake-secret.lock"
|
||||||
|
new_args[$(($i + 3))]="--output-lock-file"
|
||||||
|
new_args[$(($i + 4))]="flake-secret.lock"
|
||||||
|
i="$(($i + 5))"
|
||||||
|
else
|
||||||
|
new_args[$i]="$arg"
|
||||||
|
i="$(($i + 1))"
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
${pkgs.lib.getExe pkgs.nixUnstable} "''${new_args[@]}"
|
||||||
|
|
||||||
|
post_lock_hash="$(sha256sum flake-secret.lock | cut -f1 -d' ')"
|
||||||
|
|
||||||
|
if ! [[ "$pre_lock_hash" == "$post_lock_hash" ]] ; then
|
||||||
|
cp flake-secret.lock flake.lock
|
||||||
|
${pkgs.lib.getExe pkgs.nixUnstable} flake lock --override-input secret path:///var/empty
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
nix-unwrapped = pkgs.writeShellScriptBin "nix-unwrapped" ''
|
||||||
|
exec ${pkgs.lib.getExe pkgs.nixUnstable} "$@"
|
||||||
|
'';
|
||||||
|
nix-with-wrapper = pkgs.symlinkJoin {
|
||||||
|
name = "nix";
|
||||||
|
paths = [ # pkgs.nixUnstable
|
||||||
|
nix-unwrapped
|
||||||
|
nix-wrapped ];
|
||||||
|
};
|
||||||
in
|
in
|
||||||
pkgs.mkShell {
|
pkgs.mkShell {
|
||||||
nativeBuildInputs = with pkgs; [
|
nativeBuildInputs = with pkgs; [
|
||||||
(pkgs.writeShellScriptBin "update-secret" ''
|
(pkgs.writeShellScriptBin "update-secret" ''
|
||||||
nix flake lock --update-input secret
|
nix flake lock --update-input secret
|
||||||
'')
|
'')
|
||||||
nil
|
nil nix-with-wrapper
|
||||||
nomad consul vault
|
nomad consul vault
|
||||||
|
|
||||||
haskell.compiler.ghc946
|
haskell.compiler.ghc946
|
||||||
stack-wrapped
|
stack-wrapped
|
||||||
pkg-config
|
pkg-config
|
||||||
haskell.packages.ghc946.haskell-language-server
|
haskell.packages.ghc946.haskell-language-server
|
||||||
|
jq
|
||||||
] ++ (lib.foldl (acc: x: acc ++ x) [] (map (x: pkgs.haskell.packages.ghc946.${x}.buildInputs) [ "gi-pangocairo" "X11" "cairo" "glib" ]));
|
] ++ (lib.foldl (acc: x: acc ++ x) [] (map (x: pkgs.haskell.packages.ghc946.${x}.buildInputs) [ "gi-pangocairo" "X11" "cairo" "glib" ]));
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue