swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 00:57:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: repo-local secrets implemented for yubikey

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-06-11 04:01:07 +02:00
parent 609bb1597f
commit 85cbd5e1f6
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
11 changed files with 230 additions and 60 deletions
Download patch file Download diff file Expand all files Collapse all files

4
nix/extra-builtins.nix
View file

@ -17,8 +17,8 @@ in
nixFile:
assert assertMsg (builtins.isPath nixFile)
"The file to decrypt must be given as a path to prevent impurity.";
assert assertMsg (hasSuffix ".nix.age" nixFile)
"The content of the decrypted file must be a nix expression and should therefore end in .nix.age";
assert assertMsg (hasSuffix ".nix.enc" nixFile)
"The content of the decrypted file must be a nix expression and should therefore end in .nix.enc";
exec [
./sops-decrypt-and-cache.sh
nixFile

2
nix/sops-decrypt-and-cache.sh
View file

@ -11,7 +11,7 @@ fi
file="$1"
shift
basename="$file"
basename="${file%".enc"}"
# store path prefix or ./ if applicable
[[ $file == "/nix/store/"* ]] && basename="${basename#*"-"}"
[[ $file == "./"* ]] && basename="${basename#"./"}"