Commit graph

231 commits

Author SHA1 Message Date
Tom Torsney-Weir
1a09f60c3a
add .nix extensions
on my system (21.05.1759.91903ceb294 (Okapi)) I needed to add the .nix extensions on age to get nixos-rebuild to find the module. This seems to be in line with the modules directory structure:
`modules/age/nix`
rather than
`modules/age/default.nix`
but I'm not an expert on nix's file naming conventions
2021-08-01 13:26:50 +02:00
Ryan Mulligan
6e5ca0926e
Merge pull request #49 from ngkz/master
run activation scripts after /run mount
2021-07-30 15:54:13 -07:00
Ryan Mulligan
fb00f178b3
Merge pull request #51 from michaeladler/fix/diff-command-not-found
Make 'diff' an explicit dependency
2021-07-22 06:27:35 -07:00
Michael Adler
5c1fbaabc2 Make 'diff' an explicit dependency 2021-07-22 13:58:29 +02:00
Ryan Mulligan
85da8b7366 add meta.description
closes #47
closes #48
2021-07-20 08:50:08 -07:00
Kazutoshi Noguchi
8bad14fe08 run activation scripts after /run mount 2021-07-01 14:13:44 +09:00
Ryan Mulligan
e543aa7d68 doc: explain better where SSH host keys come from in tutorial
fixes #17
2021-05-12 20:37:55 -07:00
Ryan Mulligan
20a5c3d256
Merge pull request #44 from ryantm/umask
fix: umask
2021-05-12 20:33:50 -07:00
Ryan Mulligan
400e5208be doc: be more forceful about needing at least 20.09 2021-05-12 20:21:42 -07:00
Ryan Mulligan
b69fd62fbb fix: umask
fixes #38
2021-05-12 20:11:17 -07:00
Ryan Mulligan
c27b6334a2
Merge pull request #42 from ryantm/flake
fix: stop using flake-utils to fix flake show and flake check
2021-05-10 10:46:18 -07:00
Ryan Mulligan
b25c37a869
Merge pull request #40 from ryantm/test
add a NixOS test for setting a user's passwordFile with agenix; and some features/fixes this required
2021-05-10 10:44:18 -07:00
Ryan Mulligan
1ed5f6d3a9 fix: flake show and flake check
remove flake-utils
2021-05-09 15:36:04 -07:00
Ryan Mulligan
dd29ebafac Merge remote-tracking branch 'veehaitch/update-flake' into test 2021-05-09 14:27:50 -07:00
Ryan Mulligan
419c6cc281 dev: add integration test 2021-05-09 14:22:48 -07:00
Ryan Mulligan
6aec6889ba feature: use uid 0 and gid 0 as default owner and group (consider them root)
This assumes that the root user is always uid 0 and gid 0, which I
believe is a safe assumption. The reason to add this is because when a
declarative VM (for example, a NixOS test) or image boots the first
time, the installRootOwnedSecrets activation script runs BEFORE the
"users" and "groups" activation scripts, so the user and group for
root is not created. Using uid 0 and gid 0 gets around the root user
not being set up yet.
2021-05-09 14:18:20 -07:00
Ryan Mulligan
ecee2c76b9 fix: allow deps of installRootOwnedSecrets activation script to be overridden 2021-05-09 14:17:48 -07:00
Ryan Mulligan
c12ac8b6f3
Merge pull request #34 from edrex/patch-1
Extend the tutorial to describe location of decrypted secrets
2021-05-06 06:18:42 -07:00
Ryan Mulligan
204bd95d30 fix: pin more uses of sed 2021-05-04 20:28:24 -07:00
Ryan Mulligan
8e1647070b
Merge pull request #37 from ryantm/specify-binaries
fix: pin down all binaries outside of coreutils
2021-05-04 18:04:10 -07:00
Ryan Mulligan
0b6987f914 fix: pin down all binaries outside of coreutils
The default sed was having trouble with newline splitting on MacOS.
2021-05-04 06:24:31 -07:00
Ryan Mulligan
8652eb6cf3
doc: update readme notice 2021-05-02 18:27:44 -07:00
Vincent Haupert
a0e97fd8e7
flake.lock: Update
Flake input changes:

* Updated 'flake-utils': 'github:numtide/flake-utils/3cd06d3c1df6879c9e41cb2c33113df10566c760' -> 'github:numtide/flake-utils/eed214942bcfb3a8cc09eb3b28ca7d7221e44a94'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/7ff50a7f7b9a701228f870813fe58f01950f870b' -> 'path:/nix/store/z1rf17q0fxj935cmplzys4gg6nxj1as0-source?lastModified=1618628710&narHash=sha256-9xIoU+BrCpjs5nfWcd%2fGlU7XCVdnNKJPffoNTxgGfhs=&rev=7919518f0235106d050c77837df5e338fb94de5d'
2021-04-24 12:32:10 +02:00
Eric Drechsel
838c08e7b2
Update README.md
Co-authored-by: asymmetric <lorenzo@mailbox.org>
2021-04-08 17:03:08 -07:00
Eric Drechsel
a64940456c
Update README.md 2021-04-08 11:47:48 -07:00
Eric Drechsel
66374fb29e
Extend the tutorial to describe location of decrypted secrets 2021-04-08 11:43:54 -07:00
Ryan Mulligan
f30f0eeb11
Merge pull request #32 from felixscheinost/feature/fix-wrong-import
Fix relative path to `rage.nix`
2021-03-16 10:47:12 -07:00
Felix Scheinost
3f07139990 Fix relative path 2021-03-16 18:31:27 +01:00
Ryan Mulligan
9eb981eeb5
Merge pull request #30 from cole-h/cond-module
modules/age: build local rage if pkgs.rage is older than 0.5.0
2021-03-01 14:08:09 -08:00
Cole Helbling
ef7ec993e8
modules/age: build local rage if pkgs.rage is older than 0.5.0 2021-03-01 13:11:02 -08:00
Cole Helbling
9b8f6c01fe
modules/age: nixpkgs-fmt 2021-03-01 13:10:52 -08:00
Ryan Mulligan
ed7e69bff3
Merge pull request #28 from cole-h/locale
modules/age: set LANG
2021-02-25 17:25:31 -08:00
Cole Helbling
7ba959742e
modules/age: set LANG
rage has a localization crate as a dependency that whines when LANG
is unset.
2021-02-25 15:16:28 -08:00
Ryan Mulligan
a704a85cbd fix Darwin? 2021-02-13 09:46:33 -08:00
Ryan Mulligan
ddb81b8bda Merge branch 'rien/master' fix support for aarch64 2021-02-08 18:50:16 -08:00
Ryan Mulligan
c81f804195
Merge pull request #20 from felixscheinost/master
Need Foundation to build i18n-embed-fl on darwin
2021-02-08 18:46:27 -08:00
Felix Scheinost
cd916fad67 Need Foundation to build i18n-embed-fl on darwin 2021-02-04 21:21:23 +01:00
Rien Maertens
017422ed4c
Conditionally build rage if version is below 0.5.0 2021-01-31 22:39:30 +01:00
Rien Maertens
a678a8748c
Update rage to latest package definition 2021-01-31 22:39:25 +01:00
Ryan Mulligan
37b1d2aa3f
Merge pull request #12 from blaggacao/da-overlay
add overlay
2020-12-30 13:43:18 -08:00
David Arnold
56b1cb99da
Update overlay.nix
Co-authored-by: Ryan Mulligan <ryan@ryantm.com>
2020-12-30 16:18:38 -05:00
David Arnold
f477ca6041
add overlay 2020-12-28 22:39:16 -05:00
Ryan Mulligan
85fd85e318
Merge pull request #10 from AluisioASG/all-non-root-secrets
correctly list non-root secrets
2020-12-21 21:40:20 -08:00
Aluísio Augusto Silva Gonçalves
b0a48f587e
correctly list non-root secrets
Secrets that are only partly owned by root (i.e. either user or group
are not 'root') are now accounted for during activation.
2020-12-22 01:34:35 -03:00
Ryan Mulligan
553d1f5caa Merge branch 'flake-nixos-module' 2020-12-19 09:44:43 -08:00
Ryan Mulligan
920acdd8ff add verbose flag 2020-12-19 08:53:44 -08:00
Aluísio Augusto Silva Gonçalves
c1cbfe75b0
export module as system-independent flake output
Flake outputs are a mixture of system-dependent and system-independent
sets, and flake-utils doesn't do much to distinguish one from the other.
Because of that, the `age` NixOS module currently has to be accessed as
`agenix.nixosModules.${system}.age`, rather than the documented
`agenix.nixosModules.age`.

To remedy that, (conceptually) split `outputs` in two, let flake-utils
handle the system-dependent half, and merge them to form the actual
outputs.  The names for the two halves were taken from [1].

[1]: https://github.com/NixOS/nix/issues/3843#issuecomment-661720562
2020-12-19 01:53:37 -03:00
Ryan Mulligan
092ba8b166
Merge pull request #7 from ryantm/issue5
use only ~/.ssh/id_rsa and ~/.ssh/id_ed25519 for decryption; friendlier error message when no identity
2020-12-18 20:07:22 -08:00
Ryan Mulligan
de625b5298 add friendlier error message in the event of no identity
fixes #6
2020-12-18 20:02:13 -08:00
Ryan Mulligan
be7bad2c12 use only ~/.ssh/id_rsa and ~/.ssh/id_ed25519 for decryption
fixes #5
2020-12-18 19:23:47 -08:00