mynix/agenix
1
0
Fork 0
mirror of https://github.com/ryantm/agenix.git synced 2024-11-10 04:30:46 +03:00
Code Issues Projects Releases Packages Wiki Activity
302 commits 4 branches 12 tags 597 KiB
Commit graph

302 commits

This branch
This branch
All branches
Author SHA1 Message Date
Yannick Markus
8bf3896818
README: clarify that 'config' has to be prefixed 2021-11-21 15:13:56 +01:00
Ryan Mulligan
4a93de2beb
readme: master -> main 2021-11-20 17:30:45 -08:00
Ryan Mulligan
cb0fe60ff1
Merge pull request #72 from oslerw/patch-1 
Install instructions: master -> main
 2021-11-20 17:12:49 -08:00
William Osler
fc8272d31c
master -> main 
Fix installation instructions for channel installation, now that the default branch name has changed.
 2021-11-20 16:29:27 -08:00
Ryan Mulligan
4fefd7cfff
Merge pull request #71 from ryantm/fix-non-root-secrets 
fix: make non-root secrets accessible again
 2021-11-20 12:23:07 -08:00
Ryan Mulligan
5ff75b48b4 fix: make non-root secrets accessible again 
fixes #69
 2021-11-20 12:19:52 -08:00
Ryan Mulligan
b8e873bc23 ci: split linux and macos 
That wasn't how you do it.
 2021-11-20 11:39:24 -08:00
Ryan Mulligan
12e5225c9c ci: fix NixOS tests, try macos 2021-11-20 11:37:06 -08:00
Ryan Mulligan
c7906a8021 ci: run nix *flake* check 2021-11-20 11:31:38 -08:00
Ryan Mulligan
b12f117555 ci: run nix check 2021-11-20 11:30:40 -08:00
Cole Helbling
7bb0b5d7f1 modules/age: add option to disable symlinking 
There are some cases where it may be better or even required to have the
secret be a file that is not a symlink. Setting

    age.secrets.some-secret.symlink = false;

will disable the default functionality of symlinking secrets and instead
just forcibly move them to their `path`.
 2021-11-15 21:39:32 -08:00
Cole Helbling
e538664435 modules/age: /run/secrets -> /run/agenix 2021-11-15 21:39:32 -08:00
Cole Helbling
111754b894 modules/age: remove old secrets generations 2021-11-15 21:39:32 -08:00
Cole Helbling
f816a0d5df modules/age: symlink files into place 
This follows sops-nix's implementation, where it creates a
`/run/secrets.d` ramfs mountpoint and a "generation" each time
the activation script runs, and then symlinks `/run/secrets` to
`/run/secrets.d/[generation]`.
 2021-11-15 21:39:32 -08:00
Ryan Mulligan
53aa91b417
Merge pull request #62 from yaymukund/document-overlay-usage 
Document how to install the binary in a `nix-channel` install.
 2021-10-16 10:07:08 -07:00
Mukund Lakshman
b5cb1a07c0 Document how to install the binary in a nix-channel install. 2021-10-16 12:04:16 -04:00
Ryan Mulligan
daf1d77398
Merge pull request #59 from ryantm/workaround54 
fix: remove workaround for #54
 2021-09-17 09:31:09 -07:00
Ryan Mulligan
6d9fdcbd70 fix: remove workaround for #54 
https://github.com/NixOS/nixpkgs/pull/137508 should remove the need
for this.
 2021-09-16 15:39:38 -07:00
Ryan Mulligan
5c5bc28256
Merge pull request #57 from ryantm/workaround54 
fix: workaround for #54
 2021-09-10 19:04:24 -07:00
Ryan Mulligan
375a33cd97 fix: workaround for #54 2021-09-10 16:30:05 -07:00
Ryan Mulligan
e6752e7b85
Merge pull request #52 from gabysbrain/patch-1 
add .nix extensions
 2021-08-01 05:56:27 -07:00
Tom Torsney-Weir
1a09f60c3a
add .nix extensions 
on my system (21.05.1759.91903ceb294 (Okapi)) I needed to add the .nix extensions on age to get nixos-rebuild to find the module. This seems to be inline with the modules directory structure:
`modules/age/nix`
rather than
`modules/age/default.nix`
but I'm not an expert on nix's file naming conventions
 2021-08-01 13:26:50 +02:00
Ryan Mulligan
6e5ca0926e
Merge pull request #49 from ngkz/master 
run activation scripts after /run mount
 2021-07-30 15:54:13 -07:00
Ryan Mulligan
fb00f178b3
Merge pull request #51 from michaeladler/fix/diff-command-not-found 
Make 'diff' an explicit dependency
 2021-07-22 06:27:35 -07:00
Michael Adler
5c1fbaabc2 Make 'diff' an explicit dependency 2021-07-22 13:58:29 +02:00
Ryan Mulligan
85da8b7366 add meta.description 
closes #47
closes #48
 2021-07-20 08:50:08 -07:00
Kazutoshi Noguchi
8bad14fe08 run activation scripts after /run mount 2021-07-01 14:13:44 +09:00
Ryan Mulligan
e543aa7d68 doc: explain better where SSH host keys come from in tutorial 
fixes #17
 2021-05-12 20:37:55 -07:00
Ryan Mulligan
20a5c3d256
Merge pull request #44 from ryantm/umask 
fix: umask
 2021-05-12 20:33:50 -07:00
Ryan Mulligan
400e5208be doc: be more forceful about needing at least 20.09 2021-05-12 20:21:42 -07:00
Ryan Mulligan
b69fd62fbb fix: umask 
fixes #38
 2021-05-12 20:11:17 -07:00
Ryan Mulligan
c27b6334a2
Merge pull request #42 from ryantm/flake 
fix: stop using flake-utils to fix flake show and flake check
 2021-05-10 10:46:18 -07:00
Ryan Mulligan
b25c37a869
Merge pull request #40 from ryantm/test 
add a NixOS test for setting a user's passwordFile with agenix; and some features/fixes this required
 2021-05-10 10:44:18 -07:00
Ryan Mulligan
1ed5f6d3a9 fix: flake show and flake check 
remove flake-utils
 2021-05-09 15:36:04 -07:00
Ryan Mulligan
dd29ebafac Merge remote-tracking branch 'veehaitch/update-flake' into test 2021-05-09 14:27:50 -07:00
Ryan Mulligan
419c6cc281 dev: add integration test 2021-05-09 14:22:48 -07:00
Ryan Mulligan
6aec6889ba feature: use uid 0 and gid 0 as default owner and group (consider them root) 
This assumes that the root user is always uid 0 and gid 0, which I
believe is a safe assumption. The reason to add this is because when a
declarative VM (for example, a NixOS test) or image boots the first
time, the installRootOwnedSecrets activation script runs BEFORE the
"users" and "groups" activation scripts, so the user and group for
root is not created. Using uid 0 and gid 0 gets around the root user
not being set up yet.
 2021-05-09 14:18:20 -07:00
Ryan Mulligan
ecee2c76b9 fix: allow deps of installRootOwnedSecrets activation script to be overridden 2021-05-09 14:17:48 -07:00
Ryan Mulligan
c12ac8b6f3
Merge pull request #34 from edrex/patch-1 
Extend the tutorial to describe location of decrypted secrets
 2021-05-06 06:18:42 -07:00
Ryan Mulligan
204bd95d30 fix: pin more uses of sed 2021-05-04 20:28:24 -07:00
Ryan Mulligan
8e1647070b
Merge pull request #37 from ryantm/specify-binaries 
fix: pin down all binaries outside of coreutils
 2021-05-04 18:04:10 -07:00
Ryan Mulligan
0b6987f914 fix: pin down all binaries outside of coreutils 
The default sed was having trouble with newline splitting on MacOS.
 2021-05-04 06:24:31 -07:00
Ryan Mulligan
8652eb6cf3
doc: update readme notice 2021-05-02 18:27:44 -07:00
Vincent Haupert
a0e97fd8e7
flake.lock: Update 
Flake input changes:

* Updated 'flake-utils': 'github:numtide/flake-utils/3cd06d3c1df6879c9e41cb2c33113df10566c760' -> 'github:numtide/flake-utils/eed214942bcfb3a8cc09eb3b28ca7d7221e44a94'
* Updated 'nixpkgs': 'github:NixOS/nixpkgs/7ff50a7f7b9a701228f870813fe58f01950f870b' -> 'path:/nix/store/z1rf17q0fxj935cmplzys4gg6nxj1as0-source?lastModified=1618628710&narHash=sha256-9xIoU+BrCpjs5nfWcd%2fGlU7XCVdnNKJPffoNTxgGfhs=&rev=7919518f0235106d050c77837df5e338fb94de5d'
 2021-04-24 12:32:10 +02:00
Eric Drechsel
838c08e7b2
Update README.md 
Co-authored-by: asymmetric <lorenzo@mailbox.org>
 2021-04-08 17:03:08 -07:00
Eric Drechsel
a64940456c
Update README.md 2021-04-08 11:47:48 -07:00
Eric Drechsel
66374fb29e
Extend the tutorial to describe location of decrypted secrets 2021-04-08 11:43:54 -07:00
Ryan Mulligan
f30f0eeb11
Merge pull request #32 from felixscheinost/feature/fix-wrong-import 
Fix relative path to `rage.nix`
 2021-03-16 10:47:12 -07:00
Felix Scheinost
3f07139990 Fix relative path 2021-03-16 18:31:27 +01:00
Ryan Mulligan
9eb981eeb5
Merge pull request #30 from cole-h/cond-module 
modules/age: build local rage if pkgs.rage is older than 0.5.0
 2021-03-01 14:08:09 -08:00