Commit graph

231 commits

Author SHA1 Message Date
Bruno BELANYI
0155c5710e Test home-manager module 2023-05-06 14:18:17 +01:00
Bruno BELANYI
1f43d94d52 Add home-manager input 2023-05-06 14:18:17 +01:00
Bruno BELANYI
9274b82816 Add home-manager module
This is to update and fix the issues I saw in [1] and [2].

Using a service definition instead of an activation script should
resolve the issue about the secrets disappearing after rebooting.

Removed the `user` and `group` option as they do not make sense to me
for a home-manager module, which should target a single user. They can
always be added back if somebody comes screaming.

This is somewhat modeled after sops-nix's own module [3].

[1]: https://github.com/ryantm/agenix/pull/58/
[2]: https://github.com/ryantm/agenix/pull/109
[3]: https://github.com/Mic92/sops-nix/blob/master/modules/home-manager/sops.nix
2023-05-06 14:18:17 +01:00
Cole Helbling
2994d002dc
Merge pull request #179 from winny-/patch-1
doc: missing space
2023-04-21 11:17:59 -07:00
Ryan Mulligan
0e3a237c5a
Merge pull request #175 from whentze/fix-decrypt-truncating
fix truncated output when decrypting a large file to stdout via -d
2023-04-21 07:28:48 -07:00
Winston (Winny) Weinert
8722cf94f1
doc: missing space 2023-04-20 18:50:12 -05:00
Nathan Henrie
e64961977f
Merge pull request #155 from ryantm/rtm-2-19-doc-no-darwin
doc: how to skip the Darwin input
2023-03-31 10:49:20 -06:00
Wanja Hentze
40550f0619 fix truncated output when decrypting a large file to stdout via -d
rage intentionally truncates large output when writing to stdout:
55e52c252b/age/src/cli_common/file_io.rs (L219)
but if told to write to "-" instead, it will not truncate:
55e52c252b/age/src/cli_common/file_io.rs (L312)
2023-03-14 18:53:32 +01:00
Ryan Mulligan
03b51fe8e4
Merge pull request #174 from ryantm/rm-3-4-doc
doc: actually fix github pages deploy
2023-03-04 14:42:46 -08:00
Ryan Mulligan
b1d6d764e1 doc: actually fix github pages deploy 2023-03-04 14:41:59 -08:00
Ryan Mulligan
1abf0ade92
Merge pull request #173 from ryantm/rm-3-4-doc
doc: try a slightly different format for github action
2023-03-04 13:07:34 -08:00
Ryan Mulligan
2fb0a74be3 doc: try a slightly different format for github action 2023-03-04 13:06:51 -08:00
Ryan Mulligan
36986c8fed
Merge pull request #172 from ryantm/rm-3-4-doc
doc: try to fix doc ci
2023-03-04 12:05:30 -08:00
Ryan Mulligan
119fac65b4 doc: try to fix doc ci 2023-03-04 12:04:58 -08:00
Ryan Mulligan
6a2757101d
Merge pull request #170 from ryantm/rtm-2-26-mmdoc
doc: add new doc website
2023-03-04 10:46:20 -08:00
Ryan Mulligan
657789137c doc: add new doc website
* use mmdoc
* add github pages action to auto publish
* do not edit README for now, will follow up with a commit directs
people to the doc site
2023-03-04 10:34:29 -08:00
Ryan Mulligan
4828951d9d
Merge pull request #171 from ryantm/revert-169-rm-2-26-identity-storepath
Revert "fix: disallow Nix store paths in age.identityPaths option"
2023-02-26 15:22:22 -08:00
Ryan Mulligan
b67873854d
Revert "fix: disallow Nix store paths in age.identityPaths option" 2023-02-26 15:11:56 -08:00
Ryan Mulligan
faf978f7f3
Merge pull request #169 from ryantm/rm-2-26-identity-storepath
fix: disallow Nix store paths in age.identityPaths option
2023-02-26 13:45:03 -08:00
Ryan Mulligan
1141c36c26 fix: disallow Nix store paths in age.identityPaths option 2023-02-26 09:03:17 -08:00
Ryan Mulligan
9225d56306
Merge pull request #168 from n8henrie/issue_165_docs
Expand explanation that identityPaths should be strings
2023-02-26 08:54:58 -08:00
Nathan Henrie
37dcc5f5e7 Expand explanation that identityPaths should be strings 2023-02-24 11:17:12 -07:00
Ryan Mulligan
833f87c8ff
Merge pull request #164 from whentze/decrypt-only-fix-binary
fix -d/--decrypt-only not working correctly for binary data
2023-02-24 06:01:20 -08:00
Wanja Hentze
7dae15b7bc fix -d/--decrypt-only not working correctly for binary data
I had first used `printf` for outputting the data,
but that breaks if the secret itself contains null bytes.

One could fix this by using e.g. `cat`, but looking a bit more at the code
I realized that in the -d case we never need to `mktemp` at all and can
just ask `age` to write directly to stdout by not setting -o.
2023-02-24 09:00:48 +01:00
Ryan Mulligan
c2a71c83c7
Merge pull request #158 from whentze/decrypt-only
add -d/--decrypt option to decrypt a file to stdout
2023-02-22 20:25:46 -08:00
muvlon
9cf1967039 feature: add -d/--decrypt option to decrypt a file to stdout 2023-02-22 19:20:58 -08:00
Ryan Mulligan
2d735d6518
Merge pull request #162 from ryantm/rtm-2-21-stop-packaging-rage
contrib: stop packaging rage
2023-02-22 09:07:10 -08:00
Ryan Mulligan
2c0ae7d44f contrib: stop packaging rage
We don't need to package rage anymore, since all the latest maintained
versions of Nix have versions higher than what we need.
2023-02-21 20:33:19 -08:00
Ryan Mulligan
0c50bbe60e
Merge pull request #161 from n8henrie/warnings-to-stderr
Output user-facing warnings to stderr instead of stdout
2023-02-21 15:17:43 -08:00
Nathan Henrie
283c178469 Add warn and err helpers, use diff -q 2023-02-21 12:46:44 -07:00
Nathan Henrie
d84a99d0b8 Redirect user-directed warnings to stderr 2023-02-21 12:42:19 -07:00
Nathan Henrie
5f66c8aa77
Merge pull request #154 from ryantm/rtm-2-19-pipe
feature: pipe cleartext into agenix -e
2023-02-20 09:30:39 -07:00
Ryan Mulligan
53da86e976
Merge pull request #156 from mputz86/main
Make isDarwin check more robust
2023-02-20 06:45:27 -08:00
Matthias Putz
ec66ebe0ee Make isDarwin check more robust 2023-02-20 13:47:48 +01:00
Ryan Mulligan
b0721be0c6 doc: how to skip the Darwin input 2023-02-19 15:12:18 -08:00
Ryan Mulligan
344c8e41d2 feature: pipe cleartext into agenix -e
If STDIN is not interactive, change EDITOR to `cp /dev/stdin`.

fixes #33
2023-02-19 10:20:07 -08:00
Ryan Mulligan
2c56a93426
Merge pull request #153 from ryantm/rtm-2-18-test-docs
contrib: add instructions for running the tests
2023-02-18 21:50:37 -08:00
Ryan Mulligan
c602dc4ffb contrib: add instructions for running the tests 2023-02-18 18:37:43 -08:00
Nathan Henrie
78a22dbc0d
Merge pull request #152 from ryantm/rtm-2-18-fix-bogus-id-rsa 2023-02-18 16:00:27 -07:00
Ryan Mulligan
16c6ccef09 test: simplify and speed up editor tests 2023-02-18 12:52:13 -08:00
Ryan Mulligan
ec396f7a76 fix: if an identity is specified, don't use the default ones
fixes #151
2023-02-18 11:55:58 -08:00
Ryan Mulligan
e4f0dcc8d3 test: add tests for editing
* regular editing
* in presence of bogus id_rsa file
2023-02-18 11:54:48 -08:00
Ryan Mulligan
de657061b1
Merge pull request #150 from n8henrie/expand_tests
Expand tests
2023-02-16 17:58:21 -08:00
Nathan Henrie
0b5c4b8c8f Test rekeying via agenix CLI
This test copies the example `secrets.nix` and age files and uses the
user key to rekey them. It compares the hash before and after to ensure
that the age file is actually being changed.
2023-02-16 14:19:42 -07:00
Nathan Henrie
9e361f8b39 Install agenix CLI 2023-02-16 14:19:28 -07:00
Nathan Henrie
0efac6bcf0 Add user key, since it has access to all 3 secrets 2023-02-16 14:18:54 -07:00
Nathan Henrie
effb43cb63 Use new-style tests 2023-02-13 11:50:59 -07:00
Ryan Mulligan
ea17cc71b4
Merge pull request #139 from ryantm/rtm-1-29-cli-test
contrib: use mkDerivation for agenix cli
2023-02-11 14:18:23 -08:00
Ryan Mulligan
d0b75ddf9a contrib: use mkDerivation for agenix cli
* use mkDerivation
* separate shell code in own file
* use shellcheck to lint shell code
* remove rage version check since rage is greater than 0.5.0 on all
  maintained nixpkgs
2023-02-11 13:18:31 -08:00
Ryan Mulligan
6053c559c5
Merge pull request #146 from n8henrie/issue_143
Skip missing or unreadable keys
2023-02-11 08:54:07 -08:00