29 lines
718 B
Nix
29 lines
718 B
Nix
let
|
|
lib = import <nixpkgs/lib>;
|
|
helperNames = [ "getSecretsConfig" ];
|
|
|
|
validateTree = context: node:
|
|
if builtins.isAttrs node then
|
|
lib.mapAttrs (name: value:
|
|
if lib.elem name helperNames then
|
|
value
|
|
else
|
|
validateTree "${context}.${name}" value
|
|
) node
|
|
else
|
|
throw "${context} must be an attrset at non-leaf level.";
|
|
|
|
getSecretsConfig = secretsConfig:
|
|
let
|
|
_ =
|
|
if builtins.isAttrs secretsConfig then
|
|
null
|
|
else
|
|
throw "config/secrets.nix must evaluate to an attrset.";
|
|
__ = validateTree "config/secrets.nix" secretsConfig;
|
|
in
|
|
secretsConfig;
|
|
in
|
|
rec {
|
|
inherit getSecretsConfig validateTree;
|
|
}
|