From b0a48f587e7e52d88707832c8fb1142484a457a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alu=C3=ADsio=20Augusto=20Silva=20Gon=C3=A7alves?=
Date: Tue, 22 Dec 2020 01:34:35 -0300
Subject: [PATCH] correctly list non-root secrets

Secrets that are only partly owned by root (i.e. either user or group are not 'root') are now accounted for during activation.
---
 modules/age.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/age.nix b/modules/age.nix
index d645ae8..974af50 100644
--- a/modules/age.nix
+++ b/modules/age.nix
@@ -23,7 +23,7 @@ let
 rootOwnedSecrets = builtins.filter (st: st.owner == "root" && st.group == "root") (builtins.attrValues cfg.secrets);
 installRootOwnedSecrets = builtins.concatStringsSep "\n" (["echo '[agenix] decrypting root secrets...'"] ++ (map installSecret rootOwnedSecrets));
- nonRootSecrets = builtins.filter (st: st.owner != "root" && st.group != "root") (builtins.attrValues cfg.secrets);
+ nonRootSecrets = builtins.filter (st: st.owner != "root" || st.group != "root") (builtins.attrValues cfg.secrets);
 installNonRootSecrets = builtins.concatStringsSep "\n" (["echo '[agenix] decrypting non-root secrets...'"] ++ (map installSecret nonRootSecrets));
 secretType = types.submodule ({ config, ... }: {
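Review bot: The predicate on the added `nonRootSecrets` line is still a hand-written negation of the `rootOwnedSecrets` predicate at the top of the hunk, so the two filters can drift apart again. A secret matching neither filter would be left out of both install lists with no error, which is the failure this commit corrects. Deriving both lists from one predicate keeps them exhaustive and disjoint by construction, e.g. `isRootOwned = st: st.owner == "root" && st.group == "root";` and `nonRootSecrets = builtins.filter (st: !(isRootOwned st)) (builtins.attrValues cfg.secrets);`. A one-line comment above the two lists saying that every entry of `cfg.secrets` must land in exactly one of them would record the invariant for the next change. The enclosing `let` block starts and ends outside the hunk, so how the two install scripts are ordered at activation cannot be checked from here.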