mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-11-30 03:56:12 +01:00
4818571d9e
Signed-off-by: magic_rb <magic_rb@redalder.org>
79 lines
1.7 KiB
Bash
79 lines
1.7 KiB
Bash
if [[ "$NIX_SECRET_WRAPPER_DEBUG" = 1 ]] ; then
|
|
set -x
|
|
fi
|
|
|
|
if ! [ -z $NIX_GET_COMPLETIONS ] || [ "$NIX_WRAPPER_BYPASS" = 1 ] ; then
|
|
exec .nix-unwrapped "$@"
|
|
fi
|
|
|
|
pre_lock_hash="$(sha256sum flake-secret.lock | cut -f1 -d' ')"
|
|
new_args=()
|
|
i="0"
|
|
|
|
flake=0
|
|
immutable=0
|
|
local=0
|
|
|
|
for arg in "$@" ; do
|
|
if [[ "$arg" =~ ^git\+file://.*$ ]] ; then
|
|
immutable=1
|
|
local=1
|
|
fi
|
|
if [[ "$arg" =~ ^.\#.*$ ]] ; then
|
|
local=1
|
|
fi
|
|
done
|
|
|
|
for arg in "$@" ; do
|
|
case "$arg" in
|
|
build|eval|run|path-info)
|
|
new_args[$i]="$arg"
|
|
new_args[$(($i + 1))]="--reference-lock-file"
|
|
new_args[$(($i + 2))]="flake-secret.lock"
|
|
if [[ "$immutable" == 0 ]] ; then
|
|
new_args[$(($i + 3))]="--output-lock-file"
|
|
new_args[$(($i + 4))]="flake-secret.lock"
|
|
i="$(($i + 2))"
|
|
fi
|
|
i="$(($i + 3))"
|
|
if [[ "$local" = 0 ]] ; then
|
|
exec .nix-unwrapped "$@"
|
|
fi
|
|
;;
|
|
flake)
|
|
new_args[$i]="$arg"
|
|
i="$(($i + 1))"
|
|
flake=1
|
|
;;
|
|
--*|-*)
|
|
new_args[$i]="$arg"
|
|
i="$(($i + 1))"
|
|
;;
|
|
*)
|
|
if [[ "$flake" == "1" ]] ; then
|
|
new_args[$i]="$arg"
|
|
new_args[$(($i + 1))]="--reference-lock-file"
|
|
new_args[$(($i + 2))]="flake-secret.lock"
|
|
new_args[$(($i + 3))]="--output-lock-file"
|
|
new_args[$(($i + 4))]="flake-secret.lock"
|
|
flake=0
|
|
i="$(($i + 5))"
|
|
else
|
|
new_args[$i]="$arg"
|
|
i="$(($i + 1))"
|
|
fi
|
|
;;
|
|
esac
|
|
done
|
|
|
|
( exec -a $0 .nix-unwrapped "${new_args[@]}" )
|
|
ret_code=$?
|
|
|
|
post_lock_hash="$(sha256sum flake-secret.lock | cut -f1 -d' ')"
|
|
|
|
if ! [[ "$pre_lock_hash" == "$post_lock_hash" ]] || [ "$NIX_SECRET_FORCE" = "1" ] ; then
|
|
cp flake-secret.lock flake.lock
|
|
.nix-unwrapped flake lock --override-input secret sourcehut:~magic_rb/empty
|
|
fi
|
|
exit $ret_code
|