mirrors/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-14 11:57:52 +00:00
Code Activity

Rename passwordFile to hashedPasswordFile

Browse source 
This follows the rename that was done in nixpkgs.

Reference PR https://github.com/NixOS/nixpkgs/pull/254080
This commit is contained in:
pizmovc 2023-11-03 19:39:10 +01:00 committed by mergify[bot]
parent 5bc2cde6e5
commit 4e3f66f703
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -569,7 +569,7 @@ lrwxrwxrwx 1 root root 40 Jul 19 22:36 /var/lib/hass/secrets.yaml -> /run/secret
## Setting a user's password
sops-nix has to run after NixOS creates users (in order to specify what users own a secret.)
This means that it's not possible to set `users.users.<name>.passwordFile` to any secrets managed by sops-nix.
This means that it's not possible to set `users.users.<name>.hashedPasswordFile` to any secrets managed by sops-nix.
To work around this issue, it's possible to set `neededForUsers = true` in a secret.
This will cause the secret to be decrypted to `/run/secrets-for-users` instead of `/run/secrets` before NixOS creates users.
As users are not created yet, it's not possible to set an owner for these secrets.
@ -580,7 +580,7 @@ As users are not created yet, it's not possible to set an owner for these secret
users.users.mic92 = {
isNormalUser = true;
passwordFile = config.sops.secrets.my-password.path;
hashedPasswordFile = config.sops.secrets.my-password.path;
};
}
```

2
pkgs/sops-install-secrets/nixos-test.nix
View file

@ -36,7 +36,7 @@
users.users.example-user = {
isNormalUser = true;
passwordFile = config.sops.secrets.test_key.path;
hashedPasswordFile = config.sops.secrets.test_key.path;
};
};