Ryan Mulligan
6aec6889ba
feature: use uid 0 and gid 0 as default owner and group (consider them root)
...
This assumes that the root user is always uid 0 and gid 0, which I
believe is a safe assumption. The reason to add this is because when a
declarative VM (for example, a NixOS test) or image boots the first
time, the installRootOwnedSecrets activation script runs BEFORE the
"users" and "groups" activation scripts, so the user and group for
root are not created. Using uid 0 and gid 0 gets around the root user
not being set up yet.
2021-05-09 14:18:20 -07:00
Ryan Mulligan
ecee2c76b9
fix: allow deps of installRootOwnedSecrets activation script to be overridden
2021-05-09 14:17:48 -07:00
Ryan Mulligan
204bd95d30
fix: pin more uses of sed
2021-05-04 20:28:24 -07:00
Ryan Mulligan
8e1647070b
Merge pull request #37 from ryantm/specify-binaries
...
fix: pin down all binaries outside of coreutils
2021-05-04 18:04:10 -07:00
Ryan Mulligan
0b6987f914
fix: pin down all binaries outside of coreutils
...
The default sed was having trouble with newline splitting on MacOS.
2021-05-04 06:24:31 -07:00
Ryan Mulligan
8652eb6cf3
doc: update readme notice
2021-05-02 18:27:44 -07:00
Ryan Mulligan
f30f0eeb11
Merge pull request #32 from felixscheinost/feature/fix-wrong-import
...
Fix relative path to `rage.nix`
2021-03-16 10:47:12 -07:00
Felix Scheinost
3f07139990
Fix relative path
2021-03-16 18:31:27 +01:00
Ryan Mulligan
9eb981eeb5
Merge pull request #30 from cole-h/cond-module
...
modules/age: build local rage if pkgs.rage is older than 0.5.0
2021-03-01 14:08:09 -08:00
Cole Helbling
ef7ec993e8
modules/age: build local rage if pkgs.rage is older than 0.5.0
2021-03-01 13:11:02 -08:00
Cole Helbling
9b8f6c01fe
modules/age: nixpkgs-fmt
2021-03-01 13:10:52 -08:00
Ryan Mulligan
ed7e69bff3
Merge pull request #28 from cole-h/locale
...
modules/age: set LANG
2021-02-25 17:25:31 -08:00
Cole Helbling
7ba959742e
modules/age: set LANG
...
rage has a localization crate as a dependency that whines when LANG
is unset.
2021-02-25 15:16:28 -08:00
Ryan Mulligan
a704a85cbd
fix Darwin?
2021-02-13 09:46:33 -08:00
Ryan Mulligan
ddb81b8bda
Merge branch 'rien/master' fix support for aarch64
2021-02-08 18:50:16 -08:00
Ryan Mulligan
c81f804195
Merge pull request #20 from felixscheinost/master
...
Need Foundation to build i18n-embed-fl on darwin
2021-02-08 18:46:27 -08:00
Felix Scheinost
cd916fad67
Need Foundation to build i18n-embed-fl on darwin
2021-02-04 21:21:23 +01:00
Rien Maertens
017422ed4c
Conditionally build rage if version is below 0.5.0
2021-01-31 22:39:30 +01:00
Rien Maertens
a678a8748c
Update rage to latest package definition
2021-01-31 22:39:25 +01:00
Ryan Mulligan
37b1d2aa3f
Merge pull request #12 from blaggacao/da-overlay
...
add overlay
2020-12-30 13:43:18 -08:00
David Arnold
56b1cb99da
Update overlay.nix
...
Co-authored-by: Ryan Mulligan <ryan@ryantm.com>
2020-12-30 16:18:38 -05:00
David Arnold
f477ca6041
add overlay
2020-12-28 22:39:16 -05:00
Ryan Mulligan
85fd85e318
Merge pull request #10 from AluisioASG/all-non-root-secrets
...
correctly list non-root secrets
2020-12-21 21:40:20 -08:00
Aluísio Augusto Silva Gonçalves
b0a48f587e
correctly list non-root secrets
...
Secrets that are only partly owned by root (i.e. either user or group
are not 'root') are now accounted for during activation.
2020-12-22 01:34:35 -03:00
Ryan Mulligan
553d1f5caa
Merge branch 'flake-nixos-module'
2020-12-19 09:44:43 -08:00
Ryan Mulligan
920acdd8ff
add verbose flag
2020-12-19 08:53:44 -08:00
Aluísio Augusto Silva Gonçalves
c1cbfe75b0
export module as system-independent flake output
...
Flake outputs are a mixture of system-dependent and system-independent
sets, and flake-utils doesn't do much to distinguish one from the other.
Because of that, the `age` NixOS module currently has to be accessed as
`agenix.nixosModules.${system}.age`, rather than the documented
`agenix.nixosModules.age`.
To remedy that, (conceptually) split `outputs` in two, let flake-utils
handle the system-dependent half, and merge them to form the actual
outputs. The names for the two halves were taken from [1].
[1]: https://github.com/NixOS/nix/issues/3843#issuecomment-661720562
2020-12-19 01:53:37 -03:00
Ryan Mulligan
092ba8b166
Merge pull request #7 from ryantm/issue5
...
use only ~/.ssh/id_rsa and ~/.ssh/id_ed25519 for decryption; friendlier error message when no identity
2020-12-18 20:07:22 -08:00
Ryan Mulligan
de625b5298
add friendlier error message in the event of no identity
...
fixes #6
2020-12-18 20:02:13 -08:00
Ryan Mulligan
be7bad2c12
use only ~/.ssh/id_rsa and ~/.ssh/id_ed25519 for decryption
...
fixes #5
2020-12-18 19:23:47 -08:00
Ryan Mulligan
8af97149b2
Add notice about password-protected ssh keys
2020-12-18 15:41:06 -08:00
Ryan Mulligan
d42ba6964b
Merge pull request #3 from bbigras/patch-1
...
fix typo in README
2020-12-18 11:48:49 -08:00
Bruno Bigras
2f2b526539
fix typo in README
2020-12-18 19:37:23 +00:00
Ryan Mulligan
fbd9e29ac9
add notice about root-owned secrets
2020-12-18 10:09:17 -08:00
Ryan Mulligan
0650e51720
update README
2020-12-18 09:49:50 -08:00
Ryan Mulligan
baf623214b
Merge branch 'master' of github.com:ryantm/age-nix into master
2020-11-20 17:55:23 -08:00
Ryan Mulligan
fd34de02a2
more messages while activationscript run & make sure directory exists before decrypting
2020-11-20 16:28:37 -08:00
Ryan Mulligan
5fcb31e390
show age binary version and path in help message
2020-09-18 13:13:54 -07:00
Ryan Mulligan
07ce686870
use unstable version of rage in place of age
...
* age limits the number of recipients to 20
* the latest release of rage (0.4.0) doesn't work with ssh-rsa keys
2020-09-18 12:42:20 -07:00
Ryan Mulligan
aecba55db6
install root owned secrets sooner
2020-09-09 20:44:45 -07:00
Ryan Mulligan
d2dc883f3a
README rewording
2020-09-04 07:13:03 -07:00
Ryan Mulligan
c89ed72dc6
rename public_keys to publicKeys
...
more idiomatic
2020-09-03 21:13:10 -07:00
Ryan Mulligan
5e68735d26
README improvements
2020-09-03 21:12:02 -07:00
Ryan Mulligan
f38625001d
exit if sub commands fail; don't re-encrypt if there is no diff; apply some shellcheck suggestions
2020-09-03 16:51:23 -07:00
Ryan Mulligan
b381af08ec
use nix-instantiate instead of nix eval
...
it has a more stable API
2020-09-03 16:07:43 -07:00
Ryan Mulligan
ac8d259fb9
fix spacing
2020-09-03 15:19:30 -07:00
Ryan Mulligan
7957842d88
use Nix instead of YAML
2020-09-03 15:18:20 -07:00
Ryan Mulligan
91ff516ef6
fix description of secretType.path
...
It talked about symlinks which isn't a feature of this yet.
2020-09-03 13:41:45 -07:00
Ryan Mulligan
1f7893895f
README wording
2020-09-03 13:35:15 -07:00
Ryan Mulligan
0865860e1c
fix README syntax
2020-09-03 13:25:24 -07:00