Merge pull request #345 from Mic92/doc-fixes

replace nix-shell with nix run to get sops-init-gpg-key
2025-04-09 02:14:08 +00:00 · 2023-06-16 08:49:22 +01:00 · 2023-06-16 08:49:22 +01:00 · 196eab3627
commit 196eab3627
parent cb85e29793 5a60b0abc4
7 changed files with 56 additions and 52 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -4,8 +4,6 @@ on:
  push:
    branches:
      - master
-      - staging
-      - release-*
  schedule:
    - cron:  '51 2 * * *'
 jobs:
--- a/.github/workflows/upgrade-flakes.yml
+++ b/.github/workflows/upgrade-flakes.yml
@ -18,9 +18,5 @@ jobs:
        uses: DeterminateSystems/update-flake-lock@v19
        with:
          token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
-          pr-body: |
-            Automated changes by the update-flake-lock
-            ```
-            {{ env.GIT_COMMIT_MESSAGE }}
-            ```
-            bors merge
+          pr-labels: |
+            merge-queue
--- a/.mergify.yml
+++ b/.mergify.yml
@ -0,0 +1,46 @@
+queue_rules:
+  - name: default
+    merge_conditions:
+      - check-success=Evaluate flake.nix
+      - check-success=check age-keys [x86_64-linux]
+      - check-success=check age-keys-23_05 [x86_64-linux]
+      - check-success=check age-ssh-keys [x86_64-linux]
+      - check-success=check age-ssh-keys-23_05 [x86_64-linux]
+      - check-success=check cross-build-23_05 [x86_64-linux]
+      - check-success=check default-23_05 [x86_64-linux]
+      - check-success=check lint-23_05 [x86_64-linux]
+      - check-success=check pgp-keys [x86_64-linux]
+      - check-success=check pgp-keys-23_05 [x86_64-linux]
+      - check-success=check pruning [x86_64-linux]
+      - check-success=check pruning-23_05 [x86_64-linux]
+      - check-success=check sops-init-gpg-key-23_05 [x86_64-linux]
+      - check-success=check sops-pgp-hook-23_05 [x86_64-linux]
+      - check-success=check sops-pgp-hook-test-23_05 [x86_64-linux]
+      - check-success=check ssh-keys-23_05 [x86_64-linux]
+      - check-success=check ssh-to-pgp-23_05 [x86_64-linux]
+      - check-success=check templates [x86_64-linux]
+      - check-success=check unit-tests-23_05 [x86_64-linux]
+      - check-success=check user-passwords [x86_64-linux]
+      - check-success=devShell default [x86_64-linux]
+      - check-success=package cross-build [x86_64-linux]
+      - check-success=package default [x86_64-linux]
+      - check-success=package lint [x86_64-linux]
+      - check-success=package sops-import-keys-hook [x86_64-linux]
+      - check-success=package sops-init-gpg-key [x86_64-linux]
+      - check-success=package sops-install-secrets [x86_64-linux]
+      - check-success=package sops-pgp-hook [x86_64-linux]
+      - check-success=package sops-pgp-hook-test [x86_64-linux]
+      - check-success=package unit-tests [x86_64-linux]
+      - check-success=tests
+defaults:
+  actions:
+    queue:
+      allow_merging_configuration_change: true
+      method: rebase
+pull_request_rules:
+  - name: merge using the merge queue
+    conditions:
+      - base=master
+      - label~=merge-queue|dependencies
+    actions:
+      queue: {}
--- a/README.md
+++ b/README.md
@ -795,8 +795,7 @@ The secrets are decrypted in a systemd user service called `sops-nix`, so other
 If you prefer having a separate GPG key, sops-nix also comes with a helper tool, `sops-init-gpg-key`:

 ```console
-$ nix-shell -p sops-init-gpg-key
-$ sops-init-gpg-key --hostname server01 --gpghome /tmp/newkey
+$ nix run github:Mic92/sops-nix#sops-init-gpg-key -- --hostname server01 --gpghome /tmp/newkey
 # You can use the following command to save it to a file:
 $ cat > server01.asc <<EOF
 -----BEGIN PGP PUBLIC KEY BLOCK-----
@ -825,8 +824,7 @@ You can choose between a RSA GPG key (default, like in the example above) or a
 Curve25519 based one by adding `--keytype Curve25519` like so:

 ```console
-$ nix-shell -p sops-init-gpg-key
-$ sops-init-gpg-key --hostname server01 --gpghome /tmp/newkey --keytype Curve25519
+$ nix run github:Mic92/sops-nix#sops-init-gpg-key -- --hostname server01 --gpghome /tmp/newkey --keytype Curve25519
 You can use the following command to save it to a file:
 cat > server01.asc <<EOF
 -----BEGIN PGP PUBLIC KEY BLOCK-----
--- a/bors.toml
+++ b/bors.toml
@ -1,34 +0,0 @@
-cut_body_after = "" # don't include text from the PR body in the merge commit message
-status = [
-  "Evaluate flake.nix",
-  "check age-keys [x86_64-linux]",
-  "check age-keys-22_11 [x86_64-linux]",
-  "check age-ssh-keys-22_11 [x86_64-linux]",
-  "check default-22_11 [x86_64-linux]",
-  "check lint-22_11 [x86_64-linux]",
-  "check pgp-keys [x86_64-linux]",
-  "check pruning-22_11 [x86_64-linux]",
-  "check restart-and-reload-22_11 [x86_64-linux]",
-  "check sops-import-keys-hook-22_11 [x86_64-linux]",
-  "check sops-init-gpg-key-22_11 [x86_64-linux]",
-  "check sops-install-secrets-22_11 [x86_64-linux]",
-  "check sops-pgp-hook-22_11 [x86_64-linux]",
-  "check sops-pgp-hook-test-22_11 [x86_64-linux]",
-  "check ssh-keys-22_11 [x86_64-linux]",
-  "check unit-tests-22_11 [x86_64-linux]",
-  "check user-passwords [x86_64-linux]",
-  "check user-passwords-22_11 [x86_64-linux]",
-  "devShell default [x86_64-linux]",
-  "devShell unit-tests [x86_64-linux]",
-  "package cross-build [x86_64-linux]",
-  "package default [x86_64-linux]",
-  "package lint [x86_64-linux]",
-  "package sops-import-keys-hook [x86_64-linux]",
-  "package sops-init-gpg-key [x86_64-linux]",
-  "package sops-install-secrets [x86_64-linux]",
-  "package sops-pgp-hook [x86_64-linux]",
-  "package sops-pgp-hook-test [x86_64-linux]",
-  "package ssh-to-pgp [x86_64-linux]",
-  "package unit-tests [x86_64-linux]",
-  "tests"
-]
--- a/flake.lock
+++ b/flake.lock
@ -18,16 +18,16 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1686392259,
-        "narHash": "sha256-hqSS9hKhWldIZr1bBp9xKhIznnGPICGKzuehd2LH0UA=",
+        "lastModified": 1686885751,
+        "narHash": "sha256-KcbYp2KuKbXgNaYVziwKUc6AKRhgJ1G8Qq5gjAbQ3uw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "ef24b2fa0c5f290a35064b847bc211f25cb85c88",
+        "rev": "aa4b53f79d961a7cbba0b24f791401a34c18011a",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "release-22.11",
+        "ref": "release-23.05",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -1,7 +1,7 @@
 {
  description = "Integrates sops into nixos";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
-  inputs.nixpkgs-stable.url = "github:NixOS/nixpkgs/release-22.11";
+  inputs.nixpkgs-stable.url = "github:NixOS/nixpkgs/release-23.05";
  nixConfig.extra-substituters = ["https://cache.garnix.io"];
  nixConfig.extra-trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="];
  outputs = {
@ -17,7 +17,7 @@
    ];
    forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
    suffix-version = version: attrs: nixpkgs.lib.mapAttrs' (name: value: nixpkgs.lib.nameValuePair (name + version) value) attrs;
-    suffix-stable = suffix-version "-22_11";
+    suffix-stable = suffix-version "-23_05";
  in {
    overlays.default = final: prev: let
      localPkgs = import ./default.nix {pkgs = final;};