24 lines
476 B
Nix
24 lines
476 B
Nix
{ pkgs ? import <nixpkgs> {}
|
|
, gpgKeyFile ? ../../salt-gpg.asc
|
|
}:
|
|
|
|
path:
|
|
let
|
|
json = pkgs.runCommand "json-from-j2yaml" {
|
|
nativeBuildInputs = with pkgs; [
|
|
gnupg
|
|
pythonPackages.j2cli ruby yaml2json
|
|
];
|
|
} ''
|
|
export GNUPGHOME=$(mktemp -d)
|
|
gpg --import ${gpgKeyFile}
|
|
|
|
j2 ${path} > expanded.yaml
|
|
ruby ${./yaml-gpg.rb} expanded.yaml > decrypted.yaml
|
|
yaml2json < decrypted.yaml > $out
|
|
'';
|
|
in
|
|
builtins.fromJSON (
|
|
builtins.readFile json
|
|
)
|