correctly list non-root secrets

Secrets that are only partly owned by root (i.e., either the user or the group
is not 'root') are now accounted for during activation.
Aluísio Augusto Silva Gonçalves 2020-12-22 01:34:35 -03:00
parent 553d1f5caa
commit b0a48f587e
GPG key ID: DA6EA2FACDB1CBD2


@ -23,7 +23,7 @@ let
rootOwnedSecrets = builtins.filter (st: st.owner == "root" && st.group == "root") (builtins.attrValues cfg.secrets); rootOwnedSecrets = builtins.filter (st: st.owner == "root" && st.group == "root") (builtins.attrValues cfg.secrets);
installRootOwnedSecrets = builtins.concatStringsSep "\n" (["echo '[agenix] decrypting root secrets...'"] ++ (map installSecret rootOwnedSecrets)); installRootOwnedSecrets = builtins.concatStringsSep "\n" (["echo '[agenix] decrypting root secrets...'"] ++ (map installSecret rootOwnedSecrets));
nonRootSecrets = builtins.filter (st: st.owner != "root" && st.group != "root") (builtins.attrValues cfg.secrets); nonRootSecrets = builtins.filter (st: st.owner != "root" || st.group != "root") (builtins.attrValues cfg.secrets);
installNonRootSecrets = builtins.concatStringsSep "\n" (["echo '[agenix] decrypting non-root secrets...'"] ++ (map installSecret nonRootSecrets)); installNonRootSecrets = builtins.concatStringsSep "\n" (["echo '[agenix] decrypting non-root secrets...'"] ++ (map installSecret nonRootSecrets));
secretType = types.submodule ({ config, ... }: { secretType = types.submodule ({ config, ... }: {