Merge pull request #71 from ryantm/fix-non-root-secrets

fix: make non-root secrets accessible again
This commit is contained in:
Ryan Mulligan 2021-11-20 12:23:07 -08:00 committed by GitHub
commit 4fefd7cfff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -140,10 +140,10 @@ in
(( ++_agenix_generation ))
echo "[agenix] symlinking new secrets to /run/agenix (generation $_agenix_generation)..."
mkdir -p "${cfg.secretsMountPoint}"
chmod 0750 "${cfg.secretsMountPoint}"
grep -q "${cfg.secretsMountPoint} ramfs" /proc/mounts || mount -t ramfs none "${cfg.secretsMountPoint}" -o nodev,nosuid,mode=0750
chmod 0751 "${cfg.secretsMountPoint}"
grep -q "${cfg.secretsMountPoint} ramfs" /proc/mounts || mount -t ramfs none "${cfg.secretsMountPoint}" -o nodev,nosuid,mode=0751
mkdir -p "${cfg.secretsMountPoint}/$_agenix_generation"
chmod 0750 "${cfg.secretsMountPoint}/$_agenix_generation"
chmod 0751 "${cfg.secretsMountPoint}/$_agenix_generation"
ln -sfn "${cfg.secretsMountPoint}/$_agenix_generation" /run/agenix
(( _agenix_generation > 1 )) && {