Commit graph

20 commits

Author SHA1 Message Date
Ryan Mulligan
b69fd62fbb fix: umask
fixes #38
2021-05-12 20:11:17 -07:00
Ryan Mulligan
6aec6889ba feature: use uid 0 and gid 0 as default owner and group (consider them root)
This assumes that the root user is always uid 0 and gid 0, which I
believe is a safe assumption. The reason to add this is because when a
declarative VM (for example, a NixOS test) or image boots the first
time, the installRootOwnedSecrets activation script runs BEFORE the
"users" and "groups" activation scripts, so the user and group for
root is not created. Using uid 0 and gid 0 gets around the root user
not being set up yet.
2021-05-09 14:18:20 -07:00
Ryan Mulligan
ecee2c76b9 fix: allow deps of installRootOwnedSecrets activation script to be overridden 2021-05-09 14:17:48 -07:00
Felix Scheinost
3f07139990 Fix relative path 2021-03-16 18:31:27 +01:00
Cole Helbling
ef7ec993e8
modules/age: build local rage if pkgs.rage is older than 0.5.0 2021-03-01 13:11:02 -08:00
Cole Helbling
9b8f6c01fe
modules/age: nixpkgs-fmt 2021-03-01 13:10:52 -08:00
Cole Helbling
7ba959742e
modules/age: set LANG
rage has a localization crate as a dependency that whines when LANG
is unset.
2021-02-25 15:16:28 -08:00
Aluísio Augusto Silva Gonçalves
b0a48f587e
correctly list non-root secrets
Secrets that are only partly owned by root (i.e. either user or group
are not 'root') are now accounted for during activation.
2020-12-22 01:34:35 -03:00
Ryan Mulligan
baf623214b Merge branch 'master' of github.com:ryantm/age-nix into master 2020-11-20 17:55:23 -08:00
Ryan Mulligan
fd34de02a2 more messages while activationscript run & make sure directory exists before decrypting 2020-11-20 16:28:37 -08:00
Ryan Mulligan
07ce686870 use unstable verison of rage in place of age
* age limits the number of recipients to 20
* the latest release of rage (0.4.0) doesn't work with ssh-rsa keys
2020-09-18 12:42:20 -07:00
Ryan Mulligan
aecba55db6 install root owned secrets sooner 2020-09-09 20:44:45 -07:00
Ryan Mulligan
91ff516ef6 fix description of secretType.path
It talked about symlinks which isn't a feature of this yet.
2020-09-03 13:41:45 -07:00
Ryan Mulligan
79244b4fc3 add flake and default .nix files; add agenix command 2020-09-03 11:24:33 -07:00
Ryan Mulligan
4c2fd23693 add flake 2020-09-02 20:49:24 -07:00
Ryan Mulligan
c77d82e784 move identities definition to top too 2020-09-01 14:29:37 -07:00
Ryan Mulligan
4b6b3bba3d move installation instructions to top
they are the most important part for someone to review
2020-09-01 14:27:54 -07:00
Ryan Mulligan
568dede67c don't expose decrypted secret during installation 2020-08-31 22:21:50 -07:00
Ryan Mulligan
9388c9bbad remove trace 2020-08-31 22:18:40 -07:00
Ryan Mulligan
202ea075cf initial prototype 2020-08-31 21:37:26 -07:00