From 5fe711708aa335fe71af924753b8555192f2b2b8 Mon Sep 17 00:00:00 2001
From: Yaroslav Bolyukin <iam@lach.pw>
Date: Wed, 08 Apr 2026 03:18:17 +0000
Subject: [PATCH] feat: mkAskEnv, mkAskFile


---
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -170,6 +170,47 @@
         }
       );
 
+    mkAskFile =
+      {
+        header ? "",
+        part ? "secret",
+      }:
+      (
+        {
+          kdePackages,
+          coreutils,
+          mkImpureSecretGenerator,
+        }:
+        mkImpureSecretGenerator {
+          script = ''
+            mkdir $out
+            tmpfile=$(${coreutils}/bin/mktemp)
+            trap "${coreutils}/bin/rm -f $tmpfile" EXIT
+            cat > "$tmpfile" <<'HEADER'
+            ${header}
+            HEADER
+            ${kdePackages.kate}/bin/kate --startanon --new --block "$tmpfile"
+            gh private -o $out/${part} < "$tmpfile"
+          '';
+
+          parts.${part}.encrypted = true;
+        }
+      );
+
+    mkAskEnv =
+      {
+        header ? "",
+        variables ? [ ],
+        part ? "secret",
+      }:
+      mkAskFile {
+        inherit part;
+        header = builtins.concatStringsSep "\n" (
+          (map (l: "# ${l}") (lib.splitString "\n" header))
+          ++ (map (v: "${v}=") variables)
+        );
+      };
+
     /**
       Generate a random RSA keypair
 
@@ -273,6 +314,8 @@
     mkHexBytes
     mkBase64Bytes
     mkAskPass
+    mkAskFile
+    mkAskEnv
     ;
 
   strings =

-- 
gitstuff