
allow to disable sops

This commit is contained in:
Jörg Thalheim 2022-01-14 17:55:37 +01:00
parent c86068ac9a
commit 43f44540b8


@ -14,6 +14,13 @@ let
sopsFileHash = mkOptionDefault (optionalString cfg.validateSopsFiles "${builtins.hashFile "sha256" config.sopsFile}");
};
options = {
enable = mkOption {
type = types.bool;
default = true;
description = ''
Sops secrets
'';
};
name = mkOption {
type = types.str;
default = config._module.args.name;
@ -32,7 +39,11 @@ let
};
path = mkOption {
type = types.str;
default = if config.neededForUsers then "/run/secrets-for-users/${config.name}" else "/run/secrets/${config.name}";
default = if !cfg.enable then
throw "`config.sops.secrets.${config.name}.path` was used but config.sops.enable is false"
else if config.neededForUsers
then "/run/secrets-for-users/${config.name}"
else "/run/secrets/${config.name}";
defaultText = "/run/secrets-for-users/$name when neededForUsers is set, /run/secrets/$name when otherwise.";
description = ''
Path where secrets are symlinked to.
@ -40,7 +51,7 @@ let
'';
};
format = mkOption {
type = types.enum ["yaml" "json" "binary"];
type = types.enum [ "yaml" "json" "binary" ];
default = cfg.defaultSopsFormat;
description = ''
File format used to decrypt the sops secret.
@ -284,7 +295,7 @@ in {
sops.environment.SOPS_GPG_EXEC = mkIf (cfg.gnupg.home != null) (mkDefault "${pkgs.gnupg}/bin/gpg");
system.activationScripts = {
system.activationScripts = lib.mkIf cfg.enable {
setupSecretsForUsers = mkIf (secretsForUsers != {}) (stringAfter ([ "specialfs" ] ++ optional cfg.age.generateKey "generate-age-key") ''
[ -e /run/current-system ] || echo setting up secrets for users...
${withEnvironment "${sops-install-secrets}/bin/sops-install-secrets -ignore-passwd ${manifestForUsers}"}