Fix age key generation and test it

2025-03-05 08:07:16 +00:00 · 2021-09-30 15:28:39 +02:00 · 2021-09-30 15:28:39 +02:00 · 4cebc08062
commit 4cebc08062
parent 5db02f2939
2 changed files with 6 additions and 1 deletions
--- a/modules/sops/default.nix
+++ b/modules/sops/default.nix
@ -212,7 +212,7 @@ in {
    '';

    system.activationScripts.generate-age-key = (mkIf cfg.age.generateKey) (stringAfter [] ''
-      if [[ ! -f "${cfg.age.keyFile}" ]]; then;
+      if [[ ! -f '${cfg.age.keyFile}' ]]; then
        echo generating machine-specific age key...
        mkdir -p $(dirname ${cfg.age.keyFile})
        # age-keygen sets 0600 by default, no need to chmod.
--- a/pkgs/sops-install-secrets/nixos-test.nix
+++ b/pkgs/sops-install-secrets/nixos-test.nix
@ -55,6 +55,11 @@
    sops = {
      defaultSopsFile = ./test-assets/secrets.yaml;
      secrets.test_key = {};
+      # Generate a key and append it to make sure it appending doesn't break anything
+      age = {
+        keyFile = "/tmp/testkey";
+        generateKey = true;
+      };
    };
  };