modules/age: remove old secrets generations

Cole Helbling 2021-02-26 20:31:16 -08:00
parent f816a0d5df
commit 111754b894


@ -138,6 +138,11 @@ in
chmod 0750 "${cfg.secretsMountPoint}/$_count" chmod 0750 "${cfg.secretsMountPoint}/$_count"
chown :keys "${cfg.secretsMountPoint}" "${cfg.secretsMountPoint}/$_count" chown :keys "${cfg.secretsMountPoint}" "${cfg.secretsMountPoint}/$_count"
ln -sfn "${cfg.secretsMountPoint}/$_count" /run/secrets ln -sfn "${cfg.secretsMountPoint}/$_count" /run/secrets
(( _agenix_generation > 1 )) && {
echo "[agenix] removing old secrets (generation $(( _agenix_generation - 1 )))..."
rm -rf "${cfg.secretsMountPoint}/$(( _agenix_generation - 1 ))"
}
''; '';
# Secrets with root owner and group can be installed before users # Secrets with root owner and group can be installed before users
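Review bot: The added `rm -rf` line is keyed on `_agenix_generation`, while the directory just created and linked to /run/secrets is `"${cfg.secretsMountPoint}/$_count"`; nothing visible in the hunk ties the two variables together, so if they ever differ the wrong directory is deleted or the previous decrypted secrets stay on disk. I would either derive the path from the same variable as the `ln -sfn` line or add a comment such as `# _agenix_generation is the generation just linked above (same value as $_count)`. Only generation N-1 is removed, so directories left behind by an interrupted or failed earlier activation are never cleaned up; if that matters, remove every sibling of the new generation instead. The activation script string starts outside the hunk, so where `_agenix_generation` is assigned cannot be checked from here.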