mirror of
https://github.com/ryantm/agenix.git
synced 2024-12-22 07:38:31 +03:00
fix: remove workaround for #54
https://github.com/NixOS/nixpkgs/pull/137508 should remove the need for this.
This commit is contained in:
parent
375a33cd97
commit
6d9fdcbd70
1 changed files with 12 additions and 20 deletions
|
@ -103,29 +103,21 @@ in
|
|||
'';
|
||||
};
|
||||
};
|
||||
config = mkIf (cfg.secrets != { }) (mkMerge [
|
||||
|
||||
{
|
||||
assertions = [{
|
||||
assertion = cfg.sshKeyPaths != [ ];
|
||||
message = "age.sshKeyPaths must be set.";
|
||||
}];
|
||||
config = mkIf (cfg.secrets != { }) {
|
||||
assertions = [{
|
||||
assertion = cfg.sshKeyPaths != [ ];
|
||||
message = "age.sshKeyPaths must be set.";
|
||||
}];
|
||||
|
||||
# Secrets with root owner and group can be installed before users
|
||||
# exist. This allows user password files to be encrypted.
|
||||
system.activationScripts.agenixRoot = stringAfter [ "specialfs" ] installRootOwnedSecrets;
|
||||
system.activationScripts.users.deps = [ "agenixRoot" ];
|
||||
# Secrets with root owner and group can be installed before users
|
||||
# exist. This allows user password files to be encrypted.
|
||||
system.activationScripts.agenixRoot = stringAfter [ "specialfs" ] installRootOwnedSecrets;
|
||||
system.activationScripts.users.deps = [ "agenixRoot" ];
|
||||
|
||||
# Other secrets need to wait for users and groups to exist.
|
||||
system.activationScripts.agenix = stringAfter [ "users" "groups" "specialfs" ] installNonRootSecrets;
|
||||
# Other secrets need to wait for users and groups to exist.
|
||||
system.activationScripts.agenix = stringAfter [ "users" "groups" "specialfs" ] installNonRootSecrets;
|
||||
|
||||
}
|
||||
};
|
||||
|
||||
# workaround for #54
|
||||
(optionalAttrs (builtins.hasAttr "dryActivationScript" options.system) {
|
||||
system.activationScripts.users.supportsDryActivation = mkForce false;
|
||||
system.activationScripts.groups.supportsDryActivation = mkForce false;
|
||||
})
|
||||
|
||||
]);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue