8 commits

Author SHA1 Message Date
ElliottSullingeFarrall
f2725cda13 feature: added support for running agenix on home-manager activation 2024-09-29 22:28:53 +01:00
ElliottSullingeFarrall
c69b98e6e7 feature: added support for substituting secrets into files 2024-09-22 18:05:32 +01:00
oddlama
08ed896eb6
fix: always treat link destinations as files to ensure error when destination is a directory.
This can happen if for example a secret is used in the initrd, which
materializes it as a directory, which then causes agenix to silently
create an incorrect link when switching to stage2. This ensures that
agenix will abort with an error.
2024-05-21 15:08:15 +02:00
Ryan Mulligan
5c1198a352 feat: switch from rage to age
Why
===
* Someone said age works better with password protected keys,
requiring entering the password less often.
* We switched to rage from age in
07ce686870
because it was limiting recipients to 20. This was fixed
https://github.com/FiloSottile/age/issues/139

What changed
===
* Switch from rage back to age (the reference implementation) in all
the spots
* Update the docs to show how to switch back to Rage
* Skip keys that are empty files, which fixes the integration test.
2023-12-23 14:09:16 -08:00
Nicolas Lenz
fe4f564f13
fix(home): shellcheck failure for fixed secretsDir 2023-09-09 16:46:53 +02:00
Lin Jian
0d94960783
doc: fix defaultText by adding literalExpression
I also remove an unnecessary defaultText and fix a typo.
2023-06-27 00:06:39 +08:00
Sefa Eyeoglu
758cdc98f4
Disable shellcheck warning about impossible comparison
This shellcheck warning occurs when setting a path for a secret using
the home-manager module.

Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
2023-05-12 20:15:30 +02:00
Bruno BELANYI
9274b82816 Add home-manager module
This is to update and fix the issues I saw in [1] and [2].

Using a service definition instead of an activation script should
resolve the issue about the secrets disappearing after rebooting.

Removed the `user` and `group` option as they do not make sense to me
for a home-manager module, which should target a single user. They can
always be added back if somebody comes screaming.

This is somewhat modeled after sops-nix's own module [3].

[1]: https://github.com/ryantm/agenix/pull/58/
[2]: https://github.com/ryantm/agenix/pull/109
[3]: https://github.com/Mic92/sops-nix/blob/master/modules/home-manager/sops.nix
2023-05-06 14:18:17 +01:00