# Helpers for building rage-encrypted secrets and for enumerating host pairs.
#
# Arguments:
#   nixpkgs - must expose `lib` and be importable (both are used below);
#             presumably a flake input or a nixpkgs checkout - TODO confirm.
#   hosts   - attribute set keyed by host name; only its names are read here.
{ nixpkgs, hosts }: with nixpkgs.lib; rec {
  # mkSecret f -> derivation named "secret".
  #
  # `f` receives { pkgs, encryptCmd } and must return an attribute set with:
  #   script - text of the bash build script
  #   utils  - list of packages whose bin/ directories are appended to PATH
  #
  # Security notes for maintainers:
  #   * `script` is materialised with writeTextFile, so its text is stored in
  #     the Nix store unencrypted. Store paths are readable by every local
  #     user, so the script itself must never embed plaintext secret material.
  #   * RAGE_KEYS is spliced into the command line unquoted. Whoever controls
  #     the evaluating process's environment therefore chooses the recipients
  #     (and any other rage arguments); treat that environment as trusted.
  #   * builtins.getEnv and builtins.currentSystem are impure builtins. When
  #     RAGE_KEYS is unset or empty, encryptCmd is "rage  -a" with no
  #     recipient arguments at all - presumably the build then fails; verify.
  mkSecret =
    f:
    let
      system = builtins.currentSystem;
      pkgs = import nixpkgs { inherit system; };

      # Recipient arguments for rage, taken verbatim from the environment.
      recipientArgs = builtins.getEnv "RAGE_KEYS";
      encryptCmd = "rage ${recipientArgs} -a";

      # Ends up in the build script's derivation name, so a different value
      # yields a different builder path (presumably used to force a rebuild -
      # TODO confirm).
      # NOTE(review): confirm that the "./" prefix and the raw environment
      # value are acceptable in a store path name for the Nix version in use.
      rebuildTag = builtins.getEnv "IMPURITY_SOURCE";

      spec = f { inherit pkgs encryptCmd; };

      buildScript = pkgs.writeTextFile {
        name = "./build-${rebuildTag}.sh";
        text = spec.script;
        executable = true;
      };

      # ":<pkg>/bin" for every caller-supplied utility, in the given order.
      extraBinDirs = concatMapStrings (tool: ":${tool}/bin") spec.utils;
    in
    builtins.derivation {
      name = "secret";
      inherit system;

      builder = "${pkgs.bash}/bin/bash";
      args = [ buildScript ];

      # Only coreutils, rage and the caller-supplied utilities are on PATH.
      PATH = "${pkgs.coreutils}/bin:${pkgs.rage}/bin${extraBinDirs}";
    };

  # Names of all configured hosts.
  hostNames = attrNames hosts;

  # Build an attribute set with one entry per host: { <name> = f <name>; }.
  hostsToAttrs = f: genAttrs hostNames f;

  # Every unordered pair of distinct hosts, each pair listed once.
  # Self-pairs map to null and are removed; (x, y) and (y, x) normalise to the
  # same { a, b } set through hostsPair, and `unique` drops the duplicate.
  hostsCartesian =
    let
      pairOrNull = a: b: if a != b then hostsPair a b else null;
    in
    remove null (unique (crossLists pairOrNull [ hostNames hostNames ]));

  # Order two host names so that `a` is the smaller and `b` the larger.
  hostsPair = this: other:
    let
      ordered = sort builtins.lessThan [ this other ];
    in
    {
      a = builtins.head ordered;
      b = last ordered;
    };
}