Merge branch 'master' into lists

.github/workflows/test-flakes.yml

@@ -0,0 +1,31 @@
+name: "Flake test"
+on:
+  pull_request:
+  schedule:
+    - cron:  '51 2 * * *'
+jobs:
+  tests:
+    strategy:
+      matrix:
+        os: [ ubuntu-latest, macos-latest ]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v2
+      with:
+          # Nix Flakes doesn't work on shallow clones
+          fetch-depth: 0
+    - uses: cachix/install-nix-action@v12
+      with:
+        install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20201221_9fab14a/install
+        extra_nix_config: |
+          experimental-features = nix-command flakes
+          system-features = nixos-test benchmark big-parallel kvm
+    - name: Setup cachix
+      uses: cachix/cachix-action@v8
+      with:
+        name: mic92
+        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+    - name: List flake structure
+      run: nix flake show
+    - name: Run unit tests (flake)
+      run: nix build --no-link .#unit-tests -L

README.md

@@ -41,7 +41,7 @@ Choose one of the following methods:
 $ niv add Mic92/sops-nix
 ```
 
-  Than add the following to your configuration.nix in the `imports` list:
+  Then add the following to your configuration.nix in the `imports` list:
   
 ```nix
 {
@@ -58,7 +58,7 @@ $ nix-channel --add https://github.com/Mic92/sops-nix/archive/master.tar.gz sops
 $ nix-channel --update
 ```
   
-  Than add the following to your configuration.nix in the `imports` list:
+  Then add the following to your configuration.nix in the `imports` list:
   
 ```nix
 {
@@ -123,7 +123,7 @@ First generate yourself [a GPG key](https://docs.github.com/en/github/authentica
 conversion tool to convert an existing ssh key (we only support RSA keys right now):
 
 ```
-$ nix-shell -p ssh-to-pgp
+$ nix run -f https://github.com/Mic92/sops-nix/archive/master.tar.gz ssh-to-pgp
 $ ssh-to-pgp -private-key -i $HOME/.ssh/id_rsa | gpg --import --quiet
 2504791468b153b8a3963cc97ba53d1919c5dfd4
 # This exports the public key
@@ -336,14 +336,14 @@ If you derived your server public key from ssh, all you need in your configurati
 ```
 
 On `nixos-rebuild switch` this will make the key accessible 
-via `/run/secret/example-key`:
+via `/run/secrets/example-key`:
 
 ```console
-$ cat /run/secret/example-key
+$ cat /run/secrets/example-key
 example-value
 ```
 
-`/run/secret` is a symlink to `/etc/secret.d/1`:
+`/run/secrets` is a symlink to `/etc/secret.d/1`:
 
 ```console
 $ ls -la /run/secrets
@@ -569,7 +569,7 @@ You can include it like this in your `configuration.nix`:
 ### Binary
 
 Unlike the other two formats for binaries one file correspond to one secret.
-This format allows to encrypt arbitrary binary format that can be not put into
+This format allows to encrypt an arbitrary binary format that can't be put into
 JSON/YAML files.
 
 To encrypt an binary file use the following command:

flake.nix

@@ -13,7 +13,9 @@
     forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
   in {
     nixosModules.sops = import ./modules/sops;
-    packages = forAllSystems (system: nixpkgs.legacyPackages.${system}.callPackage ./default.nix {});
+    packages = forAllSystems (system: import ./default.nix {
+      pkgs = import nixpkgs { inherit system; };
+    });
     defaultPackage = forAllSystems (system: self.packages.${system}.sops-init-gpg-key);
   };
 }

pkgs/sops-install-secrets/nixos-test.nix

@@ -20,6 +20,7 @@
   '';
  } {
    inherit pkgs;
+   inherit (pkgs) system;
  };
 
  pgp-keys = makeTest {
@@ -73,5 +74,6 @@
   '';
  } {
    inherit pkgs;
+   inherit (pkgs) system;
  };
 }

pkgs/sops-pgp-hook/sops-pgp-hook.bash

@@ -27,4 +27,6 @@ sopsPGPHook() {
 
 if [ -z "${shellHook-}" ]; then
   shellHook=sopsPGPHook
+else
+  shellHook="sopsPGPHook;${shellHook}"
 fi