${v.user} ${v.group} ${v.permissions} ${fpath v}
EOF
'';
+ toOutputs = n: v: if v.path or false then n else pkgs.lib.flatten (map (v': (import n)."${v'}") v.outputs);
+ inputs = pkgs.lib.unique (pkgs.lib.flatten (map (v:
+ if v.isDir then []
+ else pkgs.lib.mapAttrsToList toOutputs (builtins.getContext v.text)
+ ) keys));
secrets = pkgs.runCommand "secrets.tar.enc" {
buildInputs = [ pkgs.gnupg pkgs.sops ];
} ''
done
sops --age ${builtins.concatStringsSep "," config.secrets.ageKeys} --pgp ''${fingerprints#,} --input-type binary -i -e $out 2>/dev/null
+ cat $out | ${pkgs.jq}/bin/jq --argjson inputs '${builtins.toJSON inputs}' '.sops.nixInputs = $inputs' | ${pkgs.moreutils}/bin/sponge $out
'';
pathChmodExcl =
let