From 2c5acd15df4466417920e6e58faf68a22154de4c Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Sat, 27 Dec 2025 21:03:25 -0500
Subject: [PATCH] Introduce functions to generate yaml.

The toYAML function is just an alias to toJSON which is technically fine since YAML is a superset of JSON, but these new functions will generate actual YAML.
---
 .../package/k8s-encryption-key/package.nix    | 20 ++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/nix/kubernetes/keys/package/k8s-encryption-key/package.nix b/nix/kubernetes/keys/package/k8s-encryption-key/package.nix
index 1f88575e..fcbbca1d 100644
--- a/nix/kubernetes/keys/package/k8s-encryption-key/package.nix
+++ b/nix/kubernetes/keys/package/k8s-encryption-key/package.nix
@@ -9,12 +9,28 @@
 # distPhase
 {
   lib,
+  pkgs,
   stdenv,
   runCommand,
   writeText,
   ...
 }:
 let
+  to_yaml_file =
+    file_name: contents:
+    let
+      settingsFormat = pkgs.formats.yaml { };
+      yaml_file = settingsFormat.generate file_name contents;
+    in
+    yaml_file;
+  to_yaml =
+    file_name: contents:
+    let
+      settingsFormat = pkgs.formats.yaml { };
+      yaml_file = settingsFormat.generate file_name contents;
+      yaml_content = builtins.readFile yaml_file;
+    in
+    yaml_content;
   kube_encryption_key = runCommand "kube_encryption_key" { } ''
     head -c 32 /dev/urandom | base64 | tee $out
   '';
@@ -40,9 +56,7 @@ let
       }
     ];
   };
-  kube_encryption_config_yaml = (
-    writeText "encryption-config.yaml" (lib.generators.toYAML { } kube_encryption_config)
-  );
+  kube_encryption_config_yaml = (to_yaml_file "encryption-config.yaml" kube_encryption_config);
 in
 stdenv.mkDerivation (finalAttrs: {
   name = "k8s-encryption-key";