chore(nix): Move files around to conform to new read-tree layout

Broadly speaking, the following things are included: * there is now a uniform `args` struct that is passed to all derivations, package headers have been changed appropriately * overrides are now loaded from a separate `override` folder just using read-tree.nix * third-party packages have moved into the `third_party` attribute set
2019-11-15 15:26:08 +00:00 · 2019-11-15 15:26:08 +00:00 · c1c379848a
commit c1c379848a
parent 4d852e2ef7
19 changed files with 109 additions and 99 deletions
--- a/tools/kms_pass/default.nix
+++ b/tools/kms_pass/default.nix
@ -6,10 +6,10 @@
 #
 # Only the 'show' and 'insert' commands are supported.

-{ google-cloud-sdk, tree, writeShellScriptBin
-, project, region, keyring, key }:
+{ pkgs, kms, ... }:

-writeShellScriptBin "pass" ''
+let inherit (pkgs) google-cloud-sdk tree writeShellScriptBin;
+in writeShellScriptBin "pass" ''
  set -eo pipefail

  CMD="$1"
@ -34,20 +34,20 @@ writeShellScriptBin "pass" ''
    show)
      secret_check
      ${google-cloud-sdk}/bin/gcloud kms decrypt \
-        --project ${project} \
-        --location ${region} \
-        --keyring ${keyring} \
-        --key ${key} \
+        --project ${kms.project} \
+        --location ${kms.region} \
+        --keyring ${kms.keyring} \
+        --key ${kms.key} \
        --ciphertext-file $SECRET_PATH \
        --plaintext-file -
      ;;
    insert)
      secret_check
      ${google-cloud-sdk}/bin/gcloud kms encrypt \
-        --project ${project} \
-        --location ${region} \
-        --keyring ${keyring} \
-        --key ${key} \
+        --project ${kms.project} \
+        --location ${kms.region} \
+        --keyring ${kms.keyring} \
+        --key ${kms.key} \
        --ciphertext-file $SECRET_PATH \
        --plaintext-file -
      echo "Inserted secret '$SECRET'"