2023-05-26 00:40:31 +07:00
|
|
|
{ exec, ... }: {
|
2023-05-26 01:38:17 +07:00
|
|
|
secrets = exec [ "cat" "/etc/nixos/private/default.nix" ] {
|
|
|
|
# compress and base64 the file to make it representable in nix,
|
|
|
|
# then decompress it back in a derivation (shouldn't there be a better way...)
|
2023-10-17 20:25:03 +07:00
|
|
|
copyToStore = pkgs: name: path:
|
2023-05-26 01:38:17 +07:00
|
|
|
let
|
|
|
|
archive = exec [
|
2023-08-14 03:50:27 +07:00
|
|
|
"/bin/sh" "-c"
|
2023-10-17 20:25:03 +07:00
|
|
|
"echo '\"' && (cd /etc/nixos/private && tar -I ${pkgs.zstd}/bin/zstd -c -- ${pkgs.lib.escapeShellArg path} 2>/dev/null | base64 -w0) && echo '\"'"
|
2023-05-26 01:38:17 +07:00
|
|
|
];
|
|
|
|
in "${pkgs.stdenvNoCC.mkDerivation {
|
2023-10-17 20:25:03 +07:00
|
|
|
inherit name;
|
2023-05-26 01:38:17 +07:00
|
|
|
unpackPhase = "true";
|
|
|
|
buildPhase = "true";
|
|
|
|
installPhase = ''
|
|
|
|
mkdir -p $out
|
|
|
|
cd $out
|
2023-10-17 20:25:03 +07:00
|
|
|
echo "${archive}" | base64 -d | tar -I ${pkgs.zstd}/bin/zstd -x
|
2023-05-26 01:38:17 +07:00
|
|
|
'';
|
2023-10-17 20:25:03 +07:00
|
|
|
}}/${toString path}";
|
2023-05-26 01:38:17 +07:00
|
|
|
};
|
2023-05-26 00:40:31 +07:00
|
|
|
}
|