mynix
/
agenix
mirror of https://github.com/ryantm/agenix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

correctly list non-root secrets 

Secrets that are only partly owned by root (i.e. either user or group
are not 'root') are now accounted for during activation.
This commit is contained in:
Aluísio Augusto Silva Gonçalves 2020-12-22 01:34:35 -03:00
parent 553d1f5caa
commit b0a48f587e
No known key found for this signature in database
GPG Key ID: DA6EA2FACDB1CBD2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/age.nix
View File

@ -23,7 +23,7 @@ let
rootOwnedSecrets = builtins.filter (st: st.owner == "root" && st.group == "root") (builtins.attrValues cfg.secrets);
installRootOwnedSecrets = builtins.concatStringsSep "\n" (["echo '[agenix] decrypting root secrets...'"] ++ (map installSecret rootOwnedSecrets));
nonRootSecrets = builtins.filter (st: st.owner != "root" && st.group != "root") (builtins.attrValues cfg.secrets);
nonRootSecrets = builtins.filter (st: st.owner != "root" || st.group != "root") (builtins.attrValues cfg.secrets);
installNonRootSecrets = builtins.concatStringsSep "\n" (["echo '[agenix] decrypting non-root secrets...'"] ++ (map installSecret nonRootSecrets));
secretType = types.submodule ({ config, ... }: {