Commit graph

284 commits

Author SHA1 Message Date
Tim Häring
0e2fb13ecf remove newlines in recipient keys file
if not removed, empty lines will be added to the final encryption
command as --recipient '' which causes the command to fail with invalid
recipient ''
2022-05-15 20:03:52 +02:00
Ryan Mulligan
0d5e59ed64
Merge pull request #110 from ryantm/doc
doc: add readFile anti-pattern
2022-04-02 16:34:17 -07:00
Ryan Mulligan
f2ff19dc81 doc: add readFile anti-pattern 2022-04-02 15:11:48 -07:00
Ryan Mulligan
764c975e74
Merge pull request #106 from ryantm/warnings
feature: warn about missing files
2022-03-09 09:03:24 -08:00
Ryan Mulligan
25b5bcfce9
Merge pull request #80 from felixscheinost/add-aarch64-darwin-package
Add package for aarch64-darwin
2022-03-08 20:27:43 -08:00
Ryan Mulligan
1a4643b779 feature: warn about missing files
rage itself does not have good error messages when files are missing,
so add some of our own checks and warnings.
2022-03-08 08:00:43 -08:00
Ryan Mulligan
297cd58b41 doc: add Community and Support section 2022-02-28 19:34:22 -08:00
Ryan Mulligan
bad5a7be94 doc: use default nixosModule in NixOS flake 2022-02-28 19:29:39 -08:00
Ryan Mulligan
7309a8fc1f
Merge pull request #105 from luishfonseca/patch-1
Add default NixOS module to flake
2022-02-28 10:16:19 -08:00
Luís Fonseca
9316abd9f5
Add default NixOS module to flake
This adds a “default” NixOS module in flake.nix. This makes using this in flakes a little less verbose and repetitive.

Before this change:

```nix
nixpkgs.lib.nixosSystem {
  modules = [
    ./configuration.nix
    agenix.nixosModules.age
  ];
}
After this change:

```nix
nixpkgs.lib.nixosSystem {
  modules = [
    ./configuration.nix
    agenix.nixosModule
  ];
}
```
2022-02-28 17:38:21 +00:00
Ryan Mulligan
b4ab630f19
Merge pull request #103 from Pacman99/configure-secretsDir
modules/age: add option for secrets directory
2022-02-22 13:42:35 -08:00
Parthiv Seetharaman
85bd9d01ad modules/age: add option for secrets directory 2022-02-21 15:20:05 -08:00
Ryan Mulligan
a17d1f3055
Merge pull request #98 from nixinator/nixinator-just-spelling
correct readme spelling thats all
2022-02-02 14:42:37 -08:00
nixinator
3fbac9275f correct readme spelling thats all 2022-02-02 21:53:46 +00:00
Ryan Mulligan
08b9c96878
Merge pull request #93 from jtojnar/create-run
Ensure /run is created before mounting secrets
2022-01-07 09:24:25 -08:00
Jan Tojnar
35ecba5704 Do not try to create /run/agenix in when installing secrets
That is a job for agenixMountSecrets, which should have already
created a symlink there so the directory creation attempt would
fail anyway.
2022-01-06 22:55:10 +01:00
Jan Tojnar
26edd03a5a Ensure /run is created before mounting secrets
Otherwise /run/agenix might disappear if specialfs is toposorted
between agenixMountSecrets and agenixRoot.

Fixes: https://github.com/ryantm/agenix/issues/92
2022-01-06 22:50:56 +01:00
Ryan Mulligan
c5558c88b2 doc: fix niv CLI installation instructions 2021-12-29 10:20:00 -08:00
Ryan Mulligan
c882982544
Merge pull request #88 from ryantm/readme
doc: table of contents and better installation instructions
2021-12-29 10:18:18 -08:00
Ryan Mulligan
d00ce39997 doc: remove old NixOS version compatibility notice 2021-12-29 10:17:14 -08:00
Ryan Mulligan
81ebe4f1f4 doc: table of contents and better installation instructions 2021-12-29 10:15:09 -08:00
Ryan Mulligan
57806bf7e3
Merge pull request #82 from ryantm/identitypaths
feature: rename age.sshKeyPaths to age.identityPaths
2021-12-06 16:37:36 -08:00
Felix Scheinost
42a250cafa Add package for aarch64-darwin
flake.lock previously included a "indirect" reference to nixpkgs.

I am not sure what this means but I added `inputs.nixpkgs` and updated nixpkgs because this old version of nixpkgs didn't have any support for aarch64-darwin at all.

Now on a aarch64-darwin I can type `nix build` and get a working version of agenix.
2021-12-06 09:11:34 +01:00
Ryan Mulligan
dfb2e7e591 feature: rename age.sshKeyPaths to age.identityPaths
implements #66
2021-12-05 16:05:06 -08:00
Ryan Mulligan
c53ac31e44
Merge pull request #81 from chuangzhu/agebin
Allow customizing ageBin
2021-12-05 15:53:34 -08:00
Chuang Zhu
d85abe9f12
update README 2021-12-06 07:18:47 +08:00
Chuang Zhu
c2f6bd077c
allow customizing ageBin 2021-12-06 07:08:18 +08:00
Ryan Mulligan
52ea2f8c32
Merge pull request #78 from mausch/patch-1
Fix reference to module in docs
2021-11-30 16:38:58 -08:00
Mauricio Scheffer
4625cd526f
Fix reference to module in docs 2021-11-30 23:08:57 +00:00
Ryan Mulligan
f85eea0e29
Merge pull request #77 from Sohalt/main
update option descriptions
2021-11-24 14:43:10 -08:00
sohalt
ed0d9ef01a update option descriptions 2021-11-24 18:00:28 +01:00
Ryan Mulligan
a0e9ca505c
Merge pull request #73 from ymarkus/readme
README: clarify that 'config' has to be prefixed
2021-11-22 16:06:15 -08:00
Yannick Markus
8bf3896818
README: clarify that 'config' has to be prefixed 2021-11-21 15:13:56 +01:00
Ryan Mulligan
4a93de2beb
readme: master -> main 2021-11-20 17:30:45 -08:00
Ryan Mulligan
cb0fe60ff1
Merge pull request #72 from oslerw/patch-1
Install instructions: master -> main
2021-11-20 17:12:49 -08:00
William Osler
fc8272d31c
master -> main
Fix installation instructions for channel installation, now that the default branch name has changed.
2021-11-20 16:29:27 -08:00
Ryan Mulligan
4fefd7cfff
Merge pull request #71 from ryantm/fix-non-root-secrets
fix: make non-root secrets accessible again
2021-11-20 12:23:07 -08:00
Ryan Mulligan
5ff75b48b4 fix: make non-root secrets accessible again
fixes #69
2021-11-20 12:19:52 -08:00
Ryan Mulligan
b8e873bc23 ci: split linux and macos
That wasn't how you do it.
2021-11-20 11:39:24 -08:00
Ryan Mulligan
12e5225c9c ci: fix NixOS tests, try macos 2021-11-20 11:37:06 -08:00
Ryan Mulligan
c7906a8021 ci: run nix *flake* check 2021-11-20 11:31:38 -08:00
Ryan Mulligan
b12f117555 ci: run nix check 2021-11-20 11:30:40 -08:00
Cole Helbling
7bb0b5d7f1 modules/age: add option to disable symlinking
There are some cases where it may be better or even required to have the
secret be a file that is not a symlink. Setting

    age.secrets.some-secret.symlink = false;

will disable the default functionality of symlinking secrets and instead
just forcibly move them to their `path`.
2021-11-15 21:39:32 -08:00
Cole Helbling
e538664435 modules/age: /run/secrets -> /run/agenix 2021-11-15 21:39:32 -08:00
Cole Helbling
111754b894 modules/age: remove old secrets generations 2021-11-15 21:39:32 -08:00
Cole Helbling
f816a0d5df modules/age: symlink files into place
This follows sops-nix's implementation, where it creates a
`/run/secrets.d` ramfs mountpoint and a "generation" each time
the activation script runs, and then symlinks `/run/secrets` to
`/run/secrets.d/[generation]`.
2021-11-15 21:39:32 -08:00
Ryan Mulligan
53aa91b417
Merge pull request #62 from yaymukund/document-overlay-usage
Document how to install the binary in a `nix-channel` install.
2021-10-16 10:07:08 -07:00
Mukund Lakshman
b5cb1a07c0 Document how to install the binary in a nix-channel install. 2021-10-16 12:04:16 -04:00
Ryan Mulligan
daf1d77398
Merge pull request #59 from ryantm/workaround54
fix: remove workaround for #54
2021-09-17 09:31:09 -07:00
Ryan Mulligan
6d9fdcbd70 fix: remove workaround for #54
https://github.com/NixOS/nixpkgs/pull/137508 should remove the need
for this.
2021-09-16 15:39:38 -07:00