When using `files` on a NixOS option in the `nix repl` it fails to
follow the attribute of agenix module.
Discussing with @roberth has explained that this is a "common bug" on
account of mis-using the `import` for modules.
From what I understand, the `import` statement brings it into the
current context so you lose the attribute of where it's defined.
Here is what I currently see:
```
nix-repl> options.age.ageBin.files
[
"/nix/store/8kpmdb63f5i9mwdyirqki7hvvglgy1va-source/machines/nyx/configuration.nix"
]
```
After this change, the value in agenix is reported instead.
```
❯ nix repl --extra-experimental-features 'flakes repl-flake' \
--override-input agenix /home/fmzakari/code/github.com/ryantm/agenix .
nix-repl> options.age.ageBin.files
[
"/nix/store/99gc8rhgw43k201k34pshcsygdvbhmpy-source/modules/age.nix"
]
```
This can happen if for example a secret is used in the initrd, which
materializes it as a directory, which then causes agenix to silently
create an incorrect link when switching to stage2. This ensures that
agenix will abort with an error.
Why
===
* We'd like some tests for the CLI
* Last time we tried it failed on macos
What changed
===
* This time, we try to create the temp diretory in a way that works
with macos too
nix-darwin is detecting `/etc/nix/nix.conf` from the
cachix/install-nix-action and refusing to overwrite it, failing the
nix-darwin activation and therefore the rest of CI.
This commit `mv`s the existing `nix.conf` to avoid the above, and then
adds support for new-style nix commands and flakes to the nix-darwin
configuration to allow their subsequent use in CI.
It also removes the nix config from the `cachix/install-nix-action`
step, which was duplicated effort since we are blowing it away with
nix-darwin anyway.
Relevant:
- https://github.com/LnL7/nix-darwin/issues/149
Why
===
* Someone said age works better with password protected keys,
requiring entering the password less often.
* We switched to rage from age in
07ce686870
because it was limiting recipients to 20. This was fixed
https://github.com/FiloSottile/age/issues/139
What changed
===
* Switch from rage back to age (the reference implementation) in all
the spots
* Update the docs to show how to switch back to Rage
* Skip keys that are empty files, which fixes the integration test.
Why
===
* flake.nix had a lot of almost redundant lines in it.
* i686 support is probably being dropped soon in nixpkgs
https://github.com/NixOS/nixpkgs/pull/266164
What changed
==
* Add new input nix-systems/default which represents the default
systems typically used in the Nix community
* Define and use an eachSystem function that simplifies the flake.nix file
The functions was always called with `$FILE` as first argument, but inside the argument is ignored. This change doesn' have any impact, but can solve problems caused by the keys function called with an argument different from `$FILE`
When you do not have your pubkeys in your `secrets.nix` verbatim as
string but read them from file like this: `desktop1 = builtins.readFile
./desktop1.pub;`, you will end up with empty newlines in the resulting
list of keys, which will add `--recipient=''` arguments to your age
call, failing the call.