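# Extra-builtins style entry point: receives `exec` and exposes `secrets`.
#
# `secrets` is whatever /etc/nixos/private/default.nix evaluates to when it is
# applied to the helper set below (exec parses the command's stdout as a Nix
# expression, so the private file must itself be a function of that set).
{ exec, ... }: {
  secrets = exec [ "cat" "/etc/nixos/private/default.nix" ] {
    # copyToStore pkgs path -> string path inside a store derivation.
    #
    # Compress and base64 the file to make it representable in nix,
    # then decompress it back in a derivation (shouldn't there be a better way...)
    #
    # NOTE(review): the result lives in /nix/store, which is readable by every
    # local user, and the base64 archive is also embedded in the derivation's
    # installPhase and in the `url` store file. Only pass material here that
    # may be world-readable on this host and on any machine the closure is
    # copied to.
    copyToStore = pkgs: path:
      let
        archive = exec [
          "/bin/sh" "-c"
          # The two echoes wrap the base64 in double quotes so that exec's
          # output is a Nix string literal. `path` is shell-escaped and placed
          # after `--` so that spaces, metacharacters or a leading '-' cannot
          # change the command that runs at evaluation time.
          # NOTE(review): tar's stderr is discarded and the pipeline status is
          # base64's, so a missing path yields an empty archive rather than an
          # evaluation error.
          "echo '\"' && (cd /etc/nixos/private && tar czv -- ${pkgs.lib.escapeShellArg path} 2>/dev/null | base64 -w0) && echo '\"'"
        ];
      in "${pkgs.stdenvNoCC.mkDerivation {
        name = "private";
        # Nothing to unpack or build; the payload arrives inline below.
        unpackPhase = "true";
        buildPhase = "true";
        installPhase = ''
          mkdir -p $out
          cd $out
          echo "${archive}" | base64 -d | tar xzv
        '';
        # Also stores the base64 archive as a plain store file.
        url = builtins.toFile "private.tar.gz.base64" archive;
      }}/${path}";
  };
}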