From 0d957142b6669dcd138fc3518f69d15432c6dcd5 Mon Sep 17 00:00:00 2001
From: Nick Cao <nickcao@nichi.co>
Date: Sun, 4 Jul 2021 13:45:09 +0800
Subject: [PATCH] add readonly option sopsFileHash

---
 modules/sops/default.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/modules/sops/default.nix b/modules/sops/default.nix
index 6afc522..8f9eae5 100644
--- a/modules/sops/default.nix
+++ b/modules/sops/default.nix
@@ -70,6 +70,14 @@ let
           Sops file the secret is loaded from.
         '';
       };
+      sopsFileHash = mkOption {
+        type = types.str;
+        readOnly = true;
+        default = if cfg.validateSopsFiles then "${builtins.hashFile "sha256" config.sopsFile}" else "";
+        description = ''
+          Hash of the sops file, useful in systemd.services.<name>.restartTriggers.
+        '';
+      };
     };
   });
   manifest = pkgs.writeText "manifest.json" (builtins.toJSON {