Commit graph

121 commits

Author SHA1 Message Date
Taeer Bar-Yam
957c7c0918
hashString (readFile ...) -> hashFile
Co-authored-by: Winter <78392041+winterqt@users.noreply.github.com>
2022-01-13 09:57:04 -05:00
Taeer Bar-Yam
72d63d37eb add age.secrets.*.{action,service}
represents an action to perform or systemd service to restart when the
secret changes
2022-01-12 15:58:25 -05:00
Ryan Mulligan
08b9c96878
Merge pull request #93 from jtojnar/create-run
Ensure /run is created before mounting secrets
2022-01-07 09:24:25 -08:00
Jan Tojnar
35ecba5704 Do not try to create /run/agenix in when installing secrets
That is a job for agenixMountSecrets, which should have already
created a symlink there so the directory creation attempt would
fail anyway.
2022-01-06 22:55:10 +01:00
Jan Tojnar
26edd03a5a Ensure /run is created before mounting secrets
Otherwise /run/agenix might disappear if specialfs is toposorted
between agenixMountSecrets and agenixRoot.

Fixes: https://github.com/ryantm/agenix/issues/92
2022-01-06 22:50:56 +01:00
Ryan Mulligan
c5558c88b2 doc: fix niv CLI installation instructions 2021-12-29 10:20:00 -08:00
Ryan Mulligan
c882982544
Merge pull request #88 from ryantm/readme
doc: table of contents and better installation instructions
2021-12-29 10:18:18 -08:00
Ryan Mulligan
d00ce39997 doc: remove old NixOS version compatibility notice 2021-12-29 10:17:14 -08:00
Ryan Mulligan
81ebe4f1f4 doc: table of contents and better installation instructions 2021-12-29 10:15:09 -08:00
Ryan Mulligan
57806bf7e3
Merge pull request #82 from ryantm/identitypaths
feature: rename age.sshKeyPaths to age.identityPaths
2021-12-06 16:37:36 -08:00
Ryan Mulligan
dfb2e7e591 feature: rename age.sshKeyPaths to age.identityPaths
implements #66
2021-12-05 16:05:06 -08:00
Ryan Mulligan
c53ac31e44
Merge pull request #81 from chuangzhu/agebin
Allow customizing ageBin
2021-12-05 15:53:34 -08:00
Chuang Zhu
d85abe9f12
update README 2021-12-06 07:18:47 +08:00
Chuang Zhu
c2f6bd077c
allow customizing ageBin 2021-12-06 07:08:18 +08:00
Ryan Mulligan
52ea2f8c32
Merge pull request #78 from mausch/patch-1
Fix reference to module in docs
2021-11-30 16:38:58 -08:00
Mauricio Scheffer
4625cd526f
Fix reference to module in docs 2021-11-30 23:08:57 +00:00
Ryan Mulligan
f85eea0e29
Merge pull request #77 from Sohalt/main
update option descriptions
2021-11-24 14:43:10 -08:00
sohalt
ed0d9ef01a update option descriptions 2021-11-24 18:00:28 +01:00
Ryan Mulligan
a0e9ca505c
Merge pull request #73 from ymarkus/readme
README: clarify that 'config' has to be prefixed
2021-11-22 16:06:15 -08:00
Yannick Markus
8bf3896818
README: clarify that 'config' has to be prefixed 2021-11-21 15:13:56 +01:00
Ryan Mulligan
4a93de2beb
readme: master -> main 2021-11-20 17:30:45 -08:00
Ryan Mulligan
cb0fe60ff1
Merge pull request #72 from oslerw/patch-1
Install instructions: master -> main
2021-11-20 17:12:49 -08:00
William Osler
fc8272d31c
master -> main
Fix installation instructions for channel installation, now that the default branch name has changed.
2021-11-20 16:29:27 -08:00
Ryan Mulligan
4fefd7cfff
Merge pull request #71 from ryantm/fix-non-root-secrets
fix: make non-root secrets accessible again
2021-11-20 12:23:07 -08:00
Ryan Mulligan
5ff75b48b4 fix: make non-root secrets accessible again
fixes #69
2021-11-20 12:19:52 -08:00
Ryan Mulligan
b8e873bc23 ci: split linux and macos
That wasn't how you do it.
2021-11-20 11:39:24 -08:00
Ryan Mulligan
12e5225c9c ci: fix NixOS tests, try macos 2021-11-20 11:37:06 -08:00
Ryan Mulligan
c7906a8021 ci: run nix *flake* check 2021-11-20 11:31:38 -08:00
Ryan Mulligan
b12f117555 ci: run nix check 2021-11-20 11:30:40 -08:00
Cole Helbling
7bb0b5d7f1 modules/age: add option to disable symlinking
There are some cases where it may be better or even required to have the
secret be a file that is not a symlink. Setting

    age.secrets.some-secret.symlink = false;

will disable the default functionality of symlinking secrets and instead
just forcibly move them to their `path`.
2021-11-15 21:39:32 -08:00
Cole Helbling
e538664435 modules/age: /run/secrets -> /run/agenix 2021-11-15 21:39:32 -08:00
Cole Helbling
111754b894 modules/age: remove old secrets generations 2021-11-15 21:39:32 -08:00
Cole Helbling
f816a0d5df modules/age: symlink files into place
This follows sops-nix's implementation, where it creates a
`/run/secrets.d` ramfs mountpoint and a "generation" each time
the activation script runs, and then symlinks `/run/secrets` to
`/run/secrets.d/[generation]`.
2021-11-15 21:39:32 -08:00
Ryan Mulligan
53aa91b417
Merge pull request #62 from yaymukund/document-overlay-usage
Document how to install the binary in a `nix-channel` install.
2021-10-16 10:07:08 -07:00
Mukund Lakshman
b5cb1a07c0 Document how to install the binary in a nix-channel install. 2021-10-16 12:04:16 -04:00
Ryan Mulligan
daf1d77398
Merge pull request #59 from ryantm/workaround54
fix: remove workaround for #54
2021-09-17 09:31:09 -07:00
Ryan Mulligan
6d9fdcbd70 fix: remove workaround for #54
https://github.com/NixOS/nixpkgs/pull/137508 should remove the need
for this.
2021-09-16 15:39:38 -07:00
Ryan Mulligan
5c5bc28256
Merge pull request #57 from ryantm/workaround54
fix: workaround for #54
2021-09-10 19:04:24 -07:00
Ryan Mulligan
375a33cd97 fix: workaround for #54 2021-09-10 16:30:05 -07:00
Ryan Mulligan
e6752e7b85
Merge pull request #52 from gabysbrain/patch-1
add .nix extensions
2021-08-01 05:56:27 -07:00
Tom Torsney-Weir
1a09f60c3a
add .nix extensions
on my system (21.05.1759.91903ceb294 (Okapi)) I needed to add the .nix extensions on age to get nixos-rebuild to find the module. This seems to be inline with the modules directory structure:
`modules/age/nix`
rather than
`modules/age/default.nix`
but I'm not an expert on nix's file naming conventions
2021-08-01 13:26:50 +02:00
Ryan Mulligan
6e5ca0926e
Merge pull request #49 from ngkz/master
run activation scripts after /run mount
2021-07-30 15:54:13 -07:00
Ryan Mulligan
fb00f178b3
Merge pull request #51 from michaeladler/fix/diff-command-not-found
Make 'diff' an explicit dependency
2021-07-22 06:27:35 -07:00
Michael Adler
5c1fbaabc2 Make 'diff' an explicit dependency 2021-07-22 13:58:29 +02:00
Ryan Mulligan
85da8b7366 add meta.description
closes #47
closes #48
2021-07-20 08:50:08 -07:00
Kazutoshi Noguchi
8bad14fe08 run activation scripts after /run mount 2021-07-01 14:13:44 +09:00
Ryan Mulligan
e543aa7d68 doc: explain better where SSH host keys come from in tutorial
fixes #17
2021-05-12 20:37:55 -07:00
Ryan Mulligan
20a5c3d256
Merge pull request #44 from ryantm/umask
fix: umask
2021-05-12 20:33:50 -07:00
Ryan Mulligan
400e5208be doc: be more forceful about needing at least 20.09 2021-05-12 20:21:42 -07:00
Ryan Mulligan
b69fd62fbb fix: umask
fixes #38
2021-05-12 20:11:17 -07:00