mirror of
https://github.com/ryantm/agenix.git
synced 2024-12-22 15:48:30 +03:00
fix: remove workaround for #54
https://github.com/NixOS/nixpkgs/pull/137508 should remove the need for this.
This commit is contained in:
parent
375a33cd97
commit
6d9fdcbd70
1 changed files with 12 additions and 20 deletions
|
@ -103,29 +103,21 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
config = mkIf (cfg.secrets != { }) (mkMerge [
|
|
||||||
|
|
||||||
{
|
config = mkIf (cfg.secrets != { }) {
|
||||||
assertions = [{
|
assertions = [{
|
||||||
assertion = cfg.sshKeyPaths != [ ];
|
assertion = cfg.sshKeyPaths != [ ];
|
||||||
message = "age.sshKeyPaths must be set.";
|
message = "age.sshKeyPaths must be set.";
|
||||||
}];
|
}];
|
||||||
|
|
||||||
# Secrets with root owner and group can be installed before users
|
# Secrets with root owner and group can be installed before users
|
||||||
# exist. This allows user password files to be encrypted.
|
# exist. This allows user password files to be encrypted.
|
||||||
system.activationScripts.agenixRoot = stringAfter [ "specialfs" ] installRootOwnedSecrets;
|
system.activationScripts.agenixRoot = stringAfter [ "specialfs" ] installRootOwnedSecrets;
|
||||||
system.activationScripts.users.deps = [ "agenixRoot" ];
|
system.activationScripts.users.deps = [ "agenixRoot" ];
|
||||||
|
|
||||||
# Other secrets need to wait for users and groups to exist.
|
# Other secrets need to wait for users and groups to exist.
|
||||||
system.activationScripts.agenix = stringAfter [ "users" "groups" "specialfs" ] installNonRootSecrets;
|
system.activationScripts.agenix = stringAfter [ "users" "groups" "specialfs" ] installNonRootSecrets;
|
||||||
|
|
||||||
}
|
};
|
||||||
|
|
||||||
# workaround for #54
|
|
||||||
(optionalAttrs (builtins.hasAttr "dryActivationScript" options.system) {
|
|
||||||
system.activationScripts.users.supportsDryActivation = mkForce false;
|
|
||||||
system.activationScripts.groups.supportsDryActivation = mkForce false;
|
|
||||||
})
|
|
||||||
|
|
||||||
]);
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue