mirror of
https://github.com/ryantm/agenix.git
synced 2024-12-22 07:38:31 +03:00
fix: workaround for #54
This commit is contained in:
parent
e6752e7b85
commit
375a33cd97
1 changed files with 24 additions and 13 deletions
|
@ -1,4 +1,4 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, options, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
|
@ -103,18 +103,29 @@ in
|
|||
'';
|
||||
};
|
||||
};
|
||||
config = mkIf (cfg.secrets != { }) {
|
||||
assertions = [{
|
||||
assertion = cfg.sshKeyPaths != [ ];
|
||||
message = "age.sshKeyPaths must be set.";
|
||||
}];
|
||||
config = mkIf (cfg.secrets != { }) (mkMerge [
|
||||
|
||||
# Secrets with root owner and group can be installed before users
|
||||
# exist. This allows user password files to be encrypted.
|
||||
system.activationScripts.agenixRoot = stringAfter [ "specialfs" ] installRootOwnedSecrets;
|
||||
system.activationScripts.users.deps = [ "agenixRoot" ];
|
||||
{
|
||||
assertions = [{
|
||||
assertion = cfg.sshKeyPaths != [ ];
|
||||
message = "age.sshKeyPaths must be set.";
|
||||
}];
|
||||
|
||||
# Other secrets need to wait for users and groups to exist.
|
||||
system.activationScripts.agenix = stringAfter [ "users" "groups" "specialfs" ] installNonRootSecrets;
|
||||
};
|
||||
# Secrets with root owner and group can be installed before users
|
||||
# exist. This allows user password files to be encrypted.
|
||||
system.activationScripts.agenixRoot = stringAfter [ "specialfs" ] installRootOwnedSecrets;
|
||||
system.activationScripts.users.deps = [ "agenixRoot" ];
|
||||
|
||||
# Other secrets need to wait for users and groups to exist.
|
||||
system.activationScripts.agenix = stringAfter [ "users" "groups" "specialfs" ] installNonRootSecrets;
|
||||
|
||||
}
|
||||
|
||||
# workaround for #54
|
||||
(optionalAttrs (builtins.hasAttr "dryActivationScript" options.system) {
|
||||
system.activationScripts.users.supportsDryActivation = mkForce false;
|
||||
system.activationScripts.groups.supportsDryActivation = mkForce false;
|
||||
})
|
||||
|
||||
]);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue