feat: initial commit

2026-04-08 20:53:49 +02:00 · 2026-04-08 20:53:49 +02:00 · a28c2b5563
commit a28c2b5563
19 changed files with 314 additions and 0 deletions
--- a/validation/secrets.nix
+++ b/validation/secrets.nix
@ -0,0 +1,29 @@
+let
+  lib = import <nixpkgs/lib>;
+  helperNames = [ "getSecretsConfig" ];
+
+  validateTree = context: node:
+    if builtins.isAttrs node then
+      lib.mapAttrs (name: value:
+        if lib.elem name helperNames then
+          value
+        else
+          validateTree "${context}.${name}" value
+      ) node
+    else
+      throw "${context} must be an attrset at non-leaf level.";
+
+  getSecretsConfig = secretsConfig:
+    let
+      _ =
+        if builtins.isAttrs secretsConfig then
+          null
+        else
+          throw "config/secrets.nix must evaluate to an attrset.";
+      __ = validateTree "config/secrets.nix" secretsConfig;
+    in
+      secretsConfig;
+in
+rec {
+  inherit getSecretsConfig validateTree;
+}