2023-10-03 17:15:14 +03:00
|
|
|
{ config, ... }:
|
2023-07-28 15:39:50 +03:00
|
|
|
let
|
|
|
|
canaryHash = builtins.hashFile "sha256" ./secrets/canary;
|
2023-09-06 16:10:11 +03:00
|
|
|
expectedHash =
|
|
|
|
"bc6f38a927602241c5e0996b61ebd3a90d5356ca76dc968ec14df3cd45c6612c";
|
2023-10-03 17:15:14 +03:00
|
|
|
in if (canaryHash != expectedHash && config.my.features.secrets) then
|
2023-10-03 22:14:50 +03:00
|
|
|
abort "Secrets are enabled and not readable. Have you run `git-crypt unlock`?"
|
2023-09-06 16:10:11 +03:00
|
|
|
else {
|
|
|
|
hashed-password = builtins.readFile ./secrets/hashed-password;
|
2023-10-27 12:29:45 +03:00
|
|
|
maas-address = builtins.readFile ./secrets/maas-address;
|
2023-12-17 10:57:18 +03:00
|
|
|
yggdrasil-peer = builtins.readFile ./secrets/yggdrasil-peer;
|
|
|
|
yggdrasil-password = builtins.readFile ./secrets/yggdrasil-password;
|
2024-05-07 18:36:24 +03:00
|
|
|
wireguard = import ./secrets/wireguard.nix;
|
2023-09-06 16:10:11 +03:00
|
|
|
}
|