mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-11-25 09:36:14 +01:00
Add very ugly wrapper around nix for secret
Signed-off-by: magic_rb <richard@brezak.sk>
This commit is contained in:
parent
9e9c65dd59
commit
7968f1a15c
2339
flake-secret.lock
Normal file
2339
flake-secret.lock
Normal file
File diff suppressed because it is too large
Load diff
|
@ -2008,9 +2008,9 @@
|
|||
"secret": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696715022,
|
||||
"narHash": "sha256-FsZub6K05+rrJfziI78OBMyZ/loXrbl1LgN4vjMTPyc=",
|
||||
"path": "/home/main/dotfiles/secret",
|
||||
"lastModified": 1697718975,
|
||||
"narHash": "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo=",
|
||||
"path": "/var/empty",
|
||||
"type": "path"
|
||||
},
|
||||
"original": {
|
||||
|
|
64
flake.nix
64
flake.nix
|
@ -244,19 +244,81 @@
|
|||
"
|
||||
'';
|
||||
};
|
||||
|
||||
nix-wrapped = pkgs.writeShellScriptBin "nix" ''
|
||||
pre_lock_hash="$(sha256sum flake-secret.lock | cut -f1 -d' ')"
|
||||
new_args=()
|
||||
i="0"
|
||||
|
||||
flake=0
|
||||
|
||||
for arg in "$@" ; do
|
||||
case "$arg" in
|
||||
build|eval)
|
||||
new_args[$i]="$arg"
|
||||
new_args[$(($i + 1))]="--reference-lock-file"
|
||||
new_args[$(($i + 2))]="flake-secret.lock"
|
||||
new_args[$(($i + 3))]="--output-lock-file"
|
||||
new_args[$(($i + 4))]="flake-secret.lock"
|
||||
i="$(($i + 5))"
|
||||
;;
|
||||
flake)
|
||||
new_args[$i]="$arg"
|
||||
i="$(($i + 1))"
|
||||
flake=1
|
||||
;;
|
||||
--*|-*)
|
||||
new_args[$i]="$arg"
|
||||
i="$(($i + 1))"
|
||||
;;
|
||||
*)
|
||||
if [[ "$flake" == "1" ]] ; then
|
||||
new_args[$i]="$arg"
|
||||
new_args[$(($i + 1))]="--reference-lock-file"
|
||||
new_args[$(($i + 2))]="flake-secret.lock"
|
||||
new_args[$(($i + 3))]="--output-lock-file"
|
||||
new_args[$(($i + 4))]="flake-secret.lock"
|
||||
i="$(($i + 5))"
|
||||
else
|
||||
new_args[$i]="$arg"
|
||||
i="$(($i + 1))"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
${pkgs.lib.getExe pkgs.nixUnstable} "''${new_args[@]}"
|
||||
|
||||
post_lock_hash="$(sha256sum flake-secret.lock | cut -f1 -d' ')"
|
||||
|
||||
if ! [[ "$pre_lock_hash" == "$post_lock_hash" ]] ; then
|
||||
cp flake-secret.lock flake.lock
|
||||
${pkgs.lib.getExe pkgs.nixUnstable} flake lock --override-input secret path:///var/empty
|
||||
fi
|
||||
'';
|
||||
nix-unwrapped = pkgs.writeShellScriptBin "nix-unwrapped" ''
|
||||
exec ${pkgs.lib.getExe pkgs.nixUnstable} "$@"
|
||||
'';
|
||||
nix-with-wrapper = pkgs.symlinkJoin {
|
||||
name = "nix";
|
||||
paths = [ # pkgs.nixUnstable
|
||||
nix-unwrapped
|
||||
nix-wrapped ];
|
||||
};
|
||||
in
|
||||
pkgs.mkShell {
|
||||
nativeBuildInputs = with pkgs; [
|
||||
(pkgs.writeShellScriptBin "update-secret" ''
|
||||
nix flake lock --update-input secret
|
||||
'')
|
||||
nil
|
||||
nil nix-with-wrapper
|
||||
nomad consul vault
|
||||
|
||||
haskell.compiler.ghc946
|
||||
stack-wrapped
|
||||
pkg-config
|
||||
haskell.packages.ghc946.haskell-language-server
|
||||
jq
|
||||
] ++ (lib.foldl (acc: x: acc ++ x) [] (map (x: pkgs.haskell.packages.ghc946.${x}.buildInputs) [ "gi-pangocairo" "X11" "cairo" "glib" ]));
|
||||
};
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue