mirrors/sops-nix
mirrors/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2025-03-16 05:28:15 +00:00
Code Activity

don't substitute binaries

Browse source
This commit is contained in:
Edward Tjörnhammar 2023-10-14 16:53:21 +02:00 committed by mergify[bot]
parent f995ea1592
commit 7711514b85
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
modules/sops/templates/default.nix
View file

@ -90,11 +90,12 @@ in {
tpl = config.sops.templates.${name}; tpl = config.sops.templates.${name};
substitute = pkgs.writers.writePython3 "substitute" { } substitute = pkgs.writers.writePython3 "substitute" { }
(readFile ./subs.py); (readFile ./subs.py);
subst-pairs = pkgs.writeText "pairs" (concatMapStringsSep "\n" subst-pairs = pkgs.writeText "pairs" (flip (concatMapStringsSep "\n")
(attrNames (filterAttrs (n: v: v ? format && v.format != "binary") config.sops.secrets))
(name: (name:
"${toString config.sops.placeholder.${name}} ${ "${toString config.sops.placeholder.${name}} ${
config.sops.secrets.${name}.path config.sops.secrets.${name}.path
}") (attrNames config.sops.secrets)); }"));
in '' in ''
mkdir -p "${dirOf tpl.path}" mkdir -p "${dirOf tpl.path}"
(umask 077; ${substitute} ${tpl.file} ${subst-pairs} > ${tpl.path}) (umask 077; ${substitute} ${tpl.file} ${subst-pairs} > ${tpl.path})