mynix/agenix
1
0
Fork 0
mirror of https://github.com/ryantm/agenix.git synced 2024-11-25 11:08:30 +03:00
Code Issues Projects Releases Packages Wiki Activity
124 commits 4 branches 12 tags 611 KiB
Commit graph

124 commits

This branch
This branch
All branches
Author SHA1 Message Date
Taeer Bar-Yam
720d1daa54 implement template secrets 
These secrets have a template file which refers to other secrets, which
we splice in at activation time. This way we can have part of the file
be secret, and part of it public.
 2022-01-18 13:29:05 -05:00
Taeer Bar-Yam
ff2c06f69f service -> services 2022-01-18 09:08:46 -05:00
Taeer Bar-Yam
20ed4c9917
clearer comment 
Co-authored-by: Winter <78392041+winterqt@users.noreply.github.com>
 2022-01-13 09:57:27 -05:00
Taeer Bar-Yam
957c7c0918
hashString (readFile ...) -> hashFile 
Co-authored-by: Winter <78392041+winterqt@users.noreply.github.com>
 2022-01-13 09:57:04 -05:00
Taeer Bar-Yam
72d63d37eb add age.secrets.*.{action,service} 
represents an action to perform or systemd service to restart when the
secret changes
 2022-01-12 15:58:25 -05:00
Ryan Mulligan
08b9c96878
Merge pull request #93 from jtojnar/create-run 
Ensure /run is created before mounting secrets
 2022-01-07 09:24:25 -08:00
Jan Tojnar
35ecba5704 Do not try to create /run/agenix in when installing secrets 
That is a job for agenixMountSecrets, which should have already
created a symlink there so the directory creation attempt would
fail anyway.
 2022-01-06 22:55:10 +01:00
Jan Tojnar
26edd03a5a Ensure /run is created before mounting secrets 
Otherwise /run/agenix might disappear if specialfs is toposorted
between agenixMountSecrets and agenixRoot.

Fixes: https://github.com/ryantm/agenix/issues/92
 2022-01-06 22:50:56 +01:00
Ryan Mulligan
c5558c88b2 doc: fix niv CLI installation instructions 2021-12-29 10:20:00 -08:00
Ryan Mulligan
c882982544
Merge pull request #88 from ryantm/readme 
doc: table of contents and better installation instructions
 2021-12-29 10:18:18 -08:00
Ryan Mulligan
d00ce39997 doc: remove old NixOS version compatibility notice 2021-12-29 10:17:14 -08:00
Ryan Mulligan
81ebe4f1f4 doc: table of contents and better installation instructions 2021-12-29 10:15:09 -08:00
Ryan Mulligan
57806bf7e3
Merge pull request #82 from ryantm/identitypaths 
feature: rename age.sshKeyPaths to age.identityPaths
 2021-12-06 16:37:36 -08:00
Ryan Mulligan
dfb2e7e591 feature: rename age.sshKeyPaths to age.identityPaths 
implements #66
 2021-12-05 16:05:06 -08:00
Ryan Mulligan
c53ac31e44
Merge pull request #81 from chuangzhu/agebin 
Allow customizing ageBin
 2021-12-05 15:53:34 -08:00
Chuang Zhu
d85abe9f12
update README 2021-12-06 07:18:47 +08:00
Chuang Zhu
c2f6bd077c
allow customizing ageBin 2021-12-06 07:08:18 +08:00
Ryan Mulligan
52ea2f8c32
Merge pull request #78 from mausch/patch-1 
Fix reference to module in docs
 2021-11-30 16:38:58 -08:00
Mauricio Scheffer
4625cd526f
Fix reference to module in docs 2021-11-30 23:08:57 +00:00
Ryan Mulligan
f85eea0e29
Merge pull request #77 from Sohalt/main 
update option descriptions
 2021-11-24 14:43:10 -08:00
sohalt
ed0d9ef01a update option descriptions 2021-11-24 18:00:28 +01:00
Ryan Mulligan
a0e9ca505c
Merge pull request #73 from ymarkus/readme 
README: clarify that 'config' has to be prefixed
 2021-11-22 16:06:15 -08:00
Yannick Markus
8bf3896818
README: clarify that 'config' has to be prefixed 2021-11-21 15:13:56 +01:00
Ryan Mulligan
4a93de2beb
readme: master -> main 2021-11-20 17:30:45 -08:00
Ryan Mulligan
cb0fe60ff1
Merge pull request #72 from oslerw/patch-1 
Install instructions: master -> main
 2021-11-20 17:12:49 -08:00
William Osler
fc8272d31c
master -> main 
Fix installation instructions for channel installation, now that the default branch name has changed.
 2021-11-20 16:29:27 -08:00
Ryan Mulligan
4fefd7cfff
Merge pull request #71 from ryantm/fix-non-root-secrets 
fix: make non-root secrets accessible again
 2021-11-20 12:23:07 -08:00
Ryan Mulligan
5ff75b48b4 fix: make non-root secrets accessible again 
fixes #69
 2021-11-20 12:19:52 -08:00
Ryan Mulligan
b8e873bc23 ci: split linux and macos 
That wasn't how you do it.
 2021-11-20 11:39:24 -08:00
Ryan Mulligan
12e5225c9c ci: fix NixOS tests, try macos 2021-11-20 11:37:06 -08:00
Ryan Mulligan
c7906a8021 ci: run nix *flake* check 2021-11-20 11:31:38 -08:00
Ryan Mulligan
b12f117555 ci: run nix check 2021-11-20 11:30:40 -08:00
Cole Helbling
7bb0b5d7f1 modules/age: add option to disable symlinking 
There are some cases where it may be better or even required to have the
secret be a file that is not a symlink. Setting

    age.secrets.some-secret.symlink = false;

will disable the default functionality of symlinking secrets and instead
just forcibly move them to their `path`.
 2021-11-15 21:39:32 -08:00
Cole Helbling
e538664435 modules/age: /run/secrets -> /run/agenix 2021-11-15 21:39:32 -08:00
Cole Helbling
111754b894 modules/age: remove old secrets generations 2021-11-15 21:39:32 -08:00
Cole Helbling
f816a0d5df modules/age: symlink files into place 
This follows sops-nix's implementation, where it creates a
`/run/secrets.d` ramfs mountpoint and a "generation" each time
the activation script runs, and then symlinks `/run/secrets` to
`/run/secrets.d/[generation]`.
 2021-11-15 21:39:32 -08:00
Ryan Mulligan
53aa91b417
Merge pull request #62 from yaymukund/document-overlay-usage 
Document how to install the binary in a `nix-channel` install.
 2021-10-16 10:07:08 -07:00
Mukund Lakshman
b5cb1a07c0 Document how to install the binary in a nix-channel install. 2021-10-16 12:04:16 -04:00
Ryan Mulligan
daf1d77398
Merge pull request #59 from ryantm/workaround54 
fix: remove workaround for #54
 2021-09-17 09:31:09 -07:00
Ryan Mulligan
6d9fdcbd70 fix: remove workaround for #54 
https://github.com/NixOS/nixpkgs/pull/137508 should remove the need
for this.
 2021-09-16 15:39:38 -07:00
Ryan Mulligan
5c5bc28256
Merge pull request #57 from ryantm/workaround54 
fix: workaround for #54
 2021-09-10 19:04:24 -07:00
Ryan Mulligan
375a33cd97 fix: workaround for #54 2021-09-10 16:30:05 -07:00
Ryan Mulligan
e6752e7b85
Merge pull request #52 from gabysbrain/patch-1 
add .nix extensions
 2021-08-01 05:56:27 -07:00
Tom Torsney-Weir
1a09f60c3a
add .nix extensions 
on my system (21.05.1759.91903ceb294 (Okapi)) I needed to add the .nix extensions on age to get nixos-rebuild to find the module. This seems to be inline with the modules directory structure:
`modules/age/nix`
rather than
`modules/age/default.nix`
but I'm not an expert on nix's file naming conventions
 2021-08-01 13:26:50 +02:00
Ryan Mulligan
6e5ca0926e
Merge pull request #49 from ngkz/master 
run activation scripts after /run mount
 2021-07-30 15:54:13 -07:00
Ryan Mulligan
fb00f178b3
Merge pull request #51 from michaeladler/fix/diff-command-not-found 
Make 'diff' an explicit dependency
 2021-07-22 06:27:35 -07:00
Michael Adler
5c1fbaabc2 Make 'diff' an explicit dependency 2021-07-22 13:58:29 +02:00
Ryan Mulligan
85da8b7366 add meta.description 
closes #47
closes #48
 2021-07-20 08:50:08 -07:00
Kazutoshi Noguchi
8bad14fe08 run activation scripts after /run mount 2021-07-01 14:13:44 +09:00
Ryan Mulligan
e543aa7d68 doc: explain better where SSH host keys come from in tutorial 
fixes #17
 2021-05-12 20:37:55 -07:00