Commit graph

237 commits

Author SHA1 Message Date
Ryan Mulligan
f86b56229b feature: combine root and nonroot secret install; delay chowning 2022-07-10 11:47:58 -07:00
Jeroen Simonetti
fe206b4306
[module] change operation order
Change the order of operations to:

1. create new generation
2. decrypt secrets into new generation
3. symlink and remove old generation/secrets

Signed-off-by: Jeroen Simonetti <jeroen@simonetti.nl>
2022-07-10 19:12:55 +02:00
Ryan Mulligan
7e5e58b98c
Merge pull request #114 from timhae/newlines
remove empty lines in recipient keys file
2022-05-16 07:46:50 -07:00
Tim Häring
0e2fb13ecf remove newlines in recipient keys file
if not removed, empty lines will be added to the final encryption
command as --recipient '' which causes the command to fail with invalid
recipient ''
2022-05-15 20:03:52 +02:00
Ryan Mulligan
0d5e59ed64
Merge pull request #110 from ryantm/doc
doc: add readFile anti-pattern
2022-04-02 16:34:17 -07:00
Ryan Mulligan
f2ff19dc81 doc: add readFile anti-pattern 2022-04-02 15:11:48 -07:00
Ryan Mulligan
764c975e74
Merge pull request #106 from ryantm/warnings
feature: warn about missing files
2022-03-09 09:03:24 -08:00
Ryan Mulligan
25b5bcfce9
Merge pull request #80 from felixscheinost/add-aarch64-darwin-package
Add package for aarch64-darwin
2022-03-08 20:27:43 -08:00
Ryan Mulligan
1a4643b779 feature: warn about missing files
rage itself does not have good error messages when files are missing,
so add some of our own checks and warnings.
2022-03-08 08:00:43 -08:00
Ryan Mulligan
297cd58b41 doc: add Community and Support section 2022-02-28 19:34:22 -08:00
Ryan Mulligan
bad5a7be94 doc: use default nixosModule in NixOS flake 2022-02-28 19:29:39 -08:00
Ryan Mulligan
7309a8fc1f
Merge pull request #105 from luishfonseca/patch-1
Add default NixOS module to flake
2022-02-28 10:16:19 -08:00
Luís Fonseca
9316abd9f5
Add default NixOS module to flake
This adds a “default” NixOS module in flake.nix. This makes using this in flakes a little less verbose and repetitive.

Before this change:

```nix
nixpkgs.lib.nixosSystem {
  modules = [
    ./configuration.nix
    agenix.nixosModules.age
  ];
}
```

After this change:

```nix
nixpkgs.lib.nixosSystem {
  modules = [
    ./configuration.nix
    agenix.nixosModule
  ];
}
```
2022-02-28 17:38:21 +00:00
Ryan Mulligan
b4ab630f19
Merge pull request #103 from Pacman99/configure-secretsDir
modules/age: add option for secrets directory
2022-02-22 13:42:35 -08:00
Parthiv Seetharaman
85bd9d01ad modules/age: add option for secrets directory 2022-02-21 15:20:05 -08:00
Ryan Mulligan
a17d1f3055
Merge pull request #98 from nixinator/nixinator-just-spelling
correct readme spelling that's all
2022-02-02 14:42:37 -08:00
nixinator
3fbac9275f correct readme spelling that's all 2022-02-02 21:53:46 +00:00
Ryan Mulligan
08b9c96878
Merge pull request #93 from jtojnar/create-run
Ensure /run is created before mounting secrets
2022-01-07 09:24:25 -08:00
Jan Tojnar
35ecba5704 Do not try to create /run/agenix when installing secrets
That is a job for agenixMountSecrets, which should have already
created a symlink there so the directory creation attempt would
fail anyway.
2022-01-06 22:55:10 +01:00
Jan Tojnar
26edd03a5a Ensure /run is created before mounting secrets
Otherwise /run/agenix might disappear if specialfs is toposorted
between agenixMountSecrets and agenixRoot.

Fixes: https://github.com/ryantm/agenix/issues/92
2022-01-06 22:50:56 +01:00
Ryan Mulligan
c5558c88b2 doc: fix niv CLI installation instructions 2021-12-29 10:20:00 -08:00
Ryan Mulligan
c882982544
Merge pull request #88 from ryantm/readme
doc: table of contents and better installation instructions
2021-12-29 10:18:18 -08:00
Ryan Mulligan
d00ce39997 doc: remove old NixOS version compatibility notice 2021-12-29 10:17:14 -08:00
Ryan Mulligan
81ebe4f1f4 doc: table of contents and better installation instructions 2021-12-29 10:15:09 -08:00
Ryan Mulligan
57806bf7e3
Merge pull request #82 from ryantm/identitypaths
feature: rename age.sshKeyPaths to age.identityPaths
2021-12-06 16:37:36 -08:00
Felix Scheinost
42a250cafa Add package for aarch64-darwin
flake.lock previously included an "indirect" reference to nixpkgs.

I am not sure what this means but I added `inputs.nixpkgs` and updated nixpkgs because this old version of nixpkgs didn't have any support for aarch64-darwin at all.

Now on an aarch64-darwin I can type `nix build` and get a working version of agenix.
2021-12-06 09:11:34 +01:00
Ryan Mulligan
dfb2e7e591 feature: rename age.sshKeyPaths to age.identityPaths
implements #66
2021-12-05 16:05:06 -08:00
Ryan Mulligan
c53ac31e44
Merge pull request #81 from chuangzhu/agebin
Allow customizing ageBin
2021-12-05 15:53:34 -08:00
Chuang Zhu
d85abe9f12
update README 2021-12-06 07:18:47 +08:00
Chuang Zhu
c2f6bd077c
allow customizing ageBin 2021-12-06 07:08:18 +08:00
Ryan Mulligan
52ea2f8c32
Merge pull request #78 from mausch/patch-1
Fix reference to module in docs
2021-11-30 16:38:58 -08:00
Mauricio Scheffer
4625cd526f
Fix reference to module in docs 2021-11-30 23:08:57 +00:00
Ryan Mulligan
f85eea0e29
Merge pull request #77 from Sohalt/main
update option descriptions
2021-11-24 14:43:10 -08:00
sohalt
ed0d9ef01a update option descriptions 2021-11-24 18:00:28 +01:00
Ryan Mulligan
a0e9ca505c
Merge pull request #73 from ymarkus/readme
README: clarify that 'config' has to be prefixed
2021-11-22 16:06:15 -08:00
Yannick Markus
8bf3896818
README: clarify that 'config' has to be prefixed 2021-11-21 15:13:56 +01:00
Ryan Mulligan
4a93de2beb
readme: master -> main 2021-11-20 17:30:45 -08:00
Ryan Mulligan
cb0fe60ff1
Merge pull request #72 from oslerw/patch-1
Install instructions: master -> main
2021-11-20 17:12:49 -08:00
William Osler
fc8272d31c
master -> main
Fix installation instructions for channel installation, now that the default branch name has changed.
2021-11-20 16:29:27 -08:00
Ryan Mulligan
4fefd7cfff
Merge pull request #71 from ryantm/fix-non-root-secrets
fix: make non-root secrets accessible again
2021-11-20 12:23:07 -08:00
Ryan Mulligan
5ff75b48b4 fix: make non-root secrets accessible again
fixes #69
2021-11-20 12:19:52 -08:00
Ryan Mulligan
b8e873bc23 ci: split linux and macos
That wasn't how you do it.
2021-11-20 11:39:24 -08:00
Ryan Mulligan
12e5225c9c ci: fix NixOS tests, try macos 2021-11-20 11:37:06 -08:00
Ryan Mulligan
c7906a8021 ci: run nix *flake* check 2021-11-20 11:31:38 -08:00
Ryan Mulligan
b12f117555 ci: run nix check 2021-11-20 11:30:40 -08:00
Cole Helbling
7bb0b5d7f1 modules/age: add option to disable symlinking
There are some cases where it may be better or even required to have the
secret be a file that is not a symlink. Setting

    age.secrets.some-secret.symlink = false;

will disable the default functionality of symlinking secrets and instead
just forcibly move them to their `path`.
2021-11-15 21:39:32 -08:00
Cole Helbling
e538664435 modules/age: /run/secrets -> /run/agenix 2021-11-15 21:39:32 -08:00
Cole Helbling
111754b894 modules/age: remove old secrets generations 2021-11-15 21:39:32 -08:00
Cole Helbling
f816a0d5df modules/age: symlink files into place
This follows sops-nix's implementation, where it creates a
`/run/secrets.d` ramfs mountpoint and a "generation" each time
the activation script runs, and then symlinks `/run/secrets` to
`/run/secrets.d/[generation]`.
2021-11-15 21:39:32 -08:00
Ryan Mulligan
53aa91b417
Merge pull request #62 from yaymukund/document-overlay-usage
Document how to install the binary in a `nix-channel` install.
2021-10-16 10:07:08 -07:00