mynix
/
agenix
mirror of https://github.com/ryantm/agenix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: remove workaround for #54 

https://github.com/NixOS/nixpkgs/pull/137508 should remove the need
for this.
This commit is contained in:
Ryan Mulligan 2021-09-16 15:39:38 -07:00
parent 375a33cd97
commit 6d9fdcbd70
1 changed files with 12 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
modules/age.nix
View File

@ -103,29 +103,21 @@ in
'';
};
};
config = mkIf (cfg.secrets != { }) (mkMerge [
{
assertions = [{
assertion = cfg.sshKeyPaths != [ ];
message = "age.sshKeyPaths must be set.";
}];
config = mkIf (cfg.secrets != { }) {
assertions = [{
assertion = cfg.sshKeyPaths != [ ];
message = "age.sshKeyPaths must be set.";
}];
# Secrets with root owner and group can be installed before users
# exist. This allows user password files to be encrypted.
system.activationScripts.agenixRoot = stringAfter [ "specialfs" ] installRootOwnedSecrets;
system.activationScripts.users.deps = [ "agenixRoot" ];
# Secrets with root owner and group can be installed before users
# exist. This allows user password files to be encrypted.
system.activationScripts.agenixRoot = stringAfter [ "specialfs" ] installRootOwnedSecrets;
system.activationScripts.users.deps = [ "agenixRoot" ];
# Other secrets need to wait for users and groups to exist.
system.activationScripts.agenix = stringAfter [ "users" "groups" "specialfs" ] installNonRootSecrets;
# Other secrets need to wait for users and groups to exist.
system.activationScripts.agenix = stringAfter [ "users" "groups" "specialfs" ] installNonRootSecrets;
}
};
# workaround for #54
(optionalAttrs (builtins.hasAttr "dryActivationScript" options.system) {
system.activationScripts.users.supportsDryActivation = mkForce false;
system.activationScripts.groups.supportsDryActivation = mkForce false;
})
]);
}