Commit Graph

301 Commits

Author SHA1 Message Date
Ryan Mulligan 4a93de2beb
readme: master -> main 2021-11-20 17:30:45 -08:00
Ryan Mulligan cb0fe60ff1
Merge pull request #72 from oslerw/patch-1
Install instructions: master -> main
2021-11-20 17:12:49 -08:00
William Osler fc8272d31c
master -> main
Fix installation instructions for channel installation, now that the default branch name has changed.
2021-11-20 16:29:27 -08:00
Ryan Mulligan 4fefd7cfff
Merge pull request #71 from ryantm/fix-non-root-secrets
fix: make non-root secrets accessible again
2021-11-20 12:23:07 -08:00
Ryan Mulligan 5ff75b48b4 fix: make non-root secrets accessible again
fixes #69
2021-11-20 12:19:52 -08:00
Ryan Mulligan b8e873bc23 ci: split linux and macos
That wasn't how you do it.
2021-11-20 11:39:24 -08:00
Ryan Mulligan 12e5225c9c ci: fix NixOS tests, try macos 2021-11-20 11:37:06 -08:00
Ryan Mulligan c7906a8021 ci: run nix *flake* check 2021-11-20 11:31:38 -08:00
Ryan Mulligan b12f117555 ci: run nix check 2021-11-20 11:30:40 -08:00
Cole Helbling 7bb0b5d7f1 modules/age: add option to disable symlinking
There are some cases where it may be better or even required to have the
secret be a file that is not a symlink. Setting

    age.secrets.some-secret.symlink = false;

will disable the default functionality of symlinking secrets and instead
just forcibly move them to their `path`.
2021-11-15 21:39:32 -08:00
Cole Helbling e538664435 modules/age: /run/secrets -> /run/agenix 2021-11-15 21:39:32 -08:00
Cole Helbling 111754b894 modules/age: remove old secrets generations 2021-11-15 21:39:32 -08:00
Cole Helbling f816a0d5df modules/age: symlink files into place
This follows sops-nix's implementation, where it creates a
`/run/secrets.d` ramfs mountpoint and a "generation" each time
the activation script runs, and then symlinks `/run/secrets` to
`/run/secrets.d/[generation]`.
2021-11-15 21:39:32 -08:00
Ryan Mulligan 53aa91b417
Merge pull request #62 from yaymukund/document-overlay-usage
Document how to install the binary in a `nix-channel` install.
2021-10-16 10:07:08 -07:00
Mukund Lakshman b5cb1a07c0 Document how to install the binary in a `nix-channel` install. 2021-10-16 12:04:16 -04:00
Ryan Mulligan daf1d77398
Merge pull request #59 from ryantm/workaround54
fix: remove workaround for #54
2021-09-17 09:31:09 -07:00
Ryan Mulligan 6d9fdcbd70 fix: remove workaround for #54
https://github.com/NixOS/nixpkgs/pull/137508 should remove the need
for this.
2021-09-16 15:39:38 -07:00
Ryan Mulligan 5c5bc28256
Merge pull request #57 from ryantm/workaround54
fix: workaround for #54
2021-09-10 19:04:24 -07:00
Ryan Mulligan 375a33cd97 fix: workaround for #54 2021-09-10 16:30:05 -07:00
Ryan Mulligan e6752e7b85
Merge pull request #52 from gabysbrain/patch-1
add .nix extensions
2021-08-01 05:56:27 -07:00
Tom Torsney-Weir 1a09f60c3a
add .nix extensions
On my system (21.05.1759.91903ceb294 (Okapi)) I needed to add the .nix extensions on age to get nixos-rebuild to find the module. This seems to be in line with the modules directory structure:
`modules/age/nix`
rather than
`modules/age/default.nix`
but I'm not an expert on nix's file naming conventions
2021-08-01 13:26:50 +02:00
Ryan Mulligan 6e5ca0926e
Merge pull request #49 from ngkz/master
run activation scripts after /run mount
2021-07-30 15:54:13 -07:00
Ryan Mulligan fb00f178b3
Merge pull request #51 from michaeladler/fix/diff-command-not-found
Make 'diff' an explicit dependency
2021-07-22 06:27:35 -07:00
Michael Adler 5c1fbaabc2 Make 'diff' an explicit dependency 2021-07-22 13:58:29 +02:00
Ryan Mulligan 85da8b7366 add meta.description
closes #47
closes #48
2021-07-20 08:50:08 -07:00
Kazutoshi Noguchi 8bad14fe08 run activation scripts after /run mount 2021-07-01 14:13:44 +09:00
Ryan Mulligan e543aa7d68 doc: explain better where SSH host keys come from in tutorial
fixes #17
2021-05-12 20:37:55 -07:00
Ryan Mulligan 20a5c3d256
Merge pull request #44 from ryantm/umask
fix: umask
2021-05-12 20:33:50 -07:00
Ryan Mulligan 400e5208be doc: be more forceful about needing at least 20.09 2021-05-12 20:21:42 -07:00
Ryan Mulligan b69fd62fbb fix: umask
fixes #38
2021-05-12 20:11:17 -07:00
Ryan Mulligan c27b6334a2
Merge pull request #42 from ryantm/flake
fix: stop using flake-utils to fix flake show and flake check
2021-05-10 10:46:18 -07:00
Ryan Mulligan b25c37a869
Merge pull request #40 from ryantm/test
add a NixOS test for setting a user's passwordFile with agenix; and some features/fixes this required
2021-05-10 10:44:18 -07:00
Ryan Mulligan 1ed5f6d3a9 fix: flake show and flake check
remove flake-utils
2021-05-09 15:36:04 -07:00
Ryan Mulligan dd29ebafac Merge remote-tracking branch 'veehaitch/update-flake' into test 2021-05-09 14:27:50 -07:00
Ryan Mulligan 419c6cc281 dev: add integration test 2021-05-09 14:22:48 -07:00
Ryan Mulligan 6aec6889ba feature: use uid 0 and gid 0 as default owner and group (consider them root)
This assumes that the root user is always uid 0 and gid 0, which I
believe is a safe assumption. The reason to add this is because when a
declarative VM (for example, a NixOS test) or image boots the first
time, the installRootOwnedSecrets activation script runs BEFORE the
"users" and "groups" activation scripts, so the user and group for
root are not created. Using uid 0 and gid 0 gets around the root user
not being set up yet.
2021-05-09 14:18:20 -07:00
Ryan Mulligan ecee2c76b9 fix: allow deps of installRootOwnedSecrets activation script to be overridden 2021-05-09 14:17:48 -07:00
Ryan Mulligan c12ac8b6f3
Merge pull request #34 from edrex/patch-1
Extend the tutorial to describe location of decrypted secrets
2021-05-06 06:18:42 -07:00
Ryan Mulligan 204bd95d30 fix: pin more uses of sed 2021-05-04 20:28:24 -07:00
Ryan Mulligan 8e1647070b
Merge pull request #37 from ryantm/specify-binaries
fix: pin down all binaries outside of coreutils
2021-05-04 18:04:10 -07:00
Ryan Mulligan 0b6987f914 fix: pin down all binaries outside of coreutils
The default sed was having trouble with newline splitting on MacOS.
2021-05-04 06:24:31 -07:00
Ryan Mulligan 8652eb6cf3
doc: update readme notice 2021-05-02 18:27:44 -07:00
Vincent Haupert a0e97fd8e7
flake.lock: Update
Flake input changes:

* Updated 'flake-utils': 'github:numtide/flake-utils/3cd06d3c1df6879c9e41cb2c33113df10566c760' -> 'github:numtide/flake-utils/eed214942bcfb3a8cc09eb3b28ca7d7221e44a94'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/7ff50a7f7b9a701228f870813fe58f01950f870b' -> 'path:/nix/store/z1rf17q0fxj935cmplzys4gg6nxj1as0-source?lastModified=1618628710&narHash=sha256-9xIoU+BrCpjs5nfWcd%2fGlU7XCVdnNKJPffoNTxgGfhs=&rev=7919518f0235106d050c77837df5e338fb94de5d'
2021-04-24 12:32:10 +02:00
Eric Drechsel 838c08e7b2
Update README.md
Co-authored-by: asymmetric <lorenzo@mailbox.org>
2021-04-08 17:03:08 -07:00
Eric Drechsel a64940456c
Update README.md 2021-04-08 11:47:48 -07:00
Eric Drechsel 66374fb29e
Extend the tutorial to describe location of decrypted secrets 2021-04-08 11:43:54 -07:00
Ryan Mulligan f30f0eeb11
Merge pull request #32 from felixscheinost/feature/fix-wrong-import
Fix relative path to `rage.nix`
2021-03-16 10:47:12 -07:00
Felix Scheinost 3f07139990 Fix relative path 2021-03-16 18:31:27 +01:00
Ryan Mulligan 9eb981eeb5
Merge pull request #30 from cole-h/cond-module
modules/age: build local rage if pkgs.rage is older than 0.5.0
2021-03-01 14:08:09 -08:00
Cole Helbling ef7ec993e8
modules/age: build local rage if pkgs.rage is older than 0.5.0 2021-03-01 13:11:02 -08:00