mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-14 11:57:52 +00:00
sops-nix/flake.nix
Jörg Thalheim 7769727634 move nixpkgs-stable to private flake inputs
now with home-manager and nix-darwin tests, we don't want to increase
the number of dependencies a user has to override in their flake.lock.
2024-11-17 13:20:58 +01:00

104 lines
2.9 KiB
Nix

{
description = "Integrates sops into nixos";
# Branch reference only; the revision actually used is whatever the lock file
# records for this input.
inputs = {
  nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
};
# Flake-supplied Nix settings: one additional binary cache plus the public key
# its store paths are expected to be signed with.
# Nix asks for confirmation before applying nixConfig from a flake unless
# accept-flake-config is enabled. Accepting it means store paths signed by
# this key are trusted on the machine, so review both values before opting in.
nixConfig = {
  extra-substituters = [ "https://cache.thalheim.io" ];
  extra-trusted-public-keys = [
    "cache.thalheim.io-1:R7msbosLEZKrxk/lKxf9BTjOOH7Ax3H0Qj0/6wiHOgc="
  ];
};
outputs =
{
self,
nixpkgs,
}@inputs:
let
# Load the flake located at `path`, pinned to the NAR hash stored in the
# sibling file `<path>.narHash`.
#
# The hash file and the flake directory are both resolved relative to this
# repository, so the hash makes the reference reproducible. It is not an
# independent integrity check against changes to the repository itself.
loadPrivateFlake =
  path:
  let
    flakeDir = toString path;
    # NOTE(review): the file content is spliced into the reference verbatim,
    # so this assumes the .narHash file carries no trailing newline (confirm).
    pinnedHash = builtins.readFile "${flakeDir}.narHash";
    flakeRef = "path:${flakeDir}?narHash=${pinnedHash}";
  in
  # The string context is dropped before the call, presumably because
  # getFlake rejects references that carry store-path context (confirm).
  builtins.getFlake (builtins.unsafeDiscardStringContext flakeRef);
# Platforms for which the per-system outputs below are generated.
systems = [
  "x86_64-linux"
  "x86_64-darwin"
  "aarch64-darwin"
  "aarch64-linux"
];
# Development-only flake kept under ./dev/private. Its inputs are read from
# here rather than being declared as inputs of this flake.
privateFlake = loadPrivateFlake ./dev/private;
privateInputs = privateFlake.inputs;
# Build an attribute set keyed by system name. For every entry of `systems`,
# `f` is called with that system string and the matching nixpkgs package set.
eachSystem =
  f:
  let
    # One { name, value } pair in the shape builtins.listToAttrs expects.
    entryFor = system: {
      name = system;
      value = f {
        inherit system;
        pkgs = nixpkgs.legacyPackages.${system};
      };
    };
  in
  builtins.listToAttrs (map entryFor systems);
in
# public outputs
{
# Overlay exposing the sops-nix packages, built against the final package set.
overlays.default =
  final: prev:
  let
    sopsPkgs = import ./default.nix { pkgs = final; };
  in
  {
    sops-install-secrets = sopsPkgs.sops-install-secrets;
    sops-init-gpg-key = sopsPkgs.sops-init-gpg-key;
    sops-pgp-hook = sopsPkgs.sops-pgp-hook;
    sops-import-keys-hook = sopsPkgs.sops-import-keys-hook;
    sops-ssh-to-age = sopsPkgs.sops-ssh-to-age;
    # backward compatibility: pass through the ssh-to-pgp of the previous
    # package set unchanged
    ssh-to-pgp = prev.ssh-to-pgp;
  };
# NixOS module; `default` is an alias for `sops`.
nixosModules.sops = ./modules/sops;
nixosModules.default = self.nixosModules.sops;
# home-manager module, exported under both the plural and the singular
# attribute name.
homeManagerModules = {
  sops = ./modules/home-manager/sops.nix;
};
homeManagerModule = self.homeManagerModules.sops;
# nix-darwin module; `default` is an alias for `sops`.
darwinModules.sops = ./modules/nix-darwin;
darwinModules.default = self.darwinModules.sops;
# Per-system package set produced by ./default.nix.
packages = eachSystem (args: import ./default.nix { pkgs = args.pkgs; });
}
//
# dev outputs
{
# Per-system checks: the tests attached to sops-install-secrets from the
# public package set, plus the packages and tests built against the private
# nixpkgs-stable input. The stable entries get a name suffix so they do not
# collide with the others.
checks = eachSystem (
  { system, ... }:
  let
    inherit (nixpkgs) lib;
    unstableTests = self.packages.${system}.sops-install-secrets.tests;
    stablePkgs = privateInputs.nixpkgs-stable.legacyPackages.${system};
    stableSet = import ./default.nix { pkgs = stablePkgs; };
    stableTests = stableSet.sops-install-secrets.tests;
    # Append `suffix` to every attribute name of the set it is applied to.
    withSuffix = suffix: lib.mapAttrs' (name: value: lib.nameValuePair (name + suffix) value);
    # NOTE(review): the suffix is hard-coded; presumably it should follow the
    # release that nixpkgs-stable points at in the private flake (confirm).
    markStable = withSuffix "-24_05";
  in
  unstableTests // (markStable stableTests) // (markStable stableSet)
);
# Per-system development shells: the default shell and one for unit tests.
devShells = eachSystem (
  { pkgs, ... }:
  let
    inherit (pkgs) callPackage;
  in
  {
    default = callPackage ./shell.nix { };
    unit-tests = callPackage ./pkgs/unit-tests.nix { };
  }
);
};
}