mirror of
https://github.com/Mic92/sops-nix.git
synced 2025-03-16 05:28:15 +00:00
Revert "allow to disable sops"
This reverts commit 43f44540b8.
This commit was not intended for master
parent
43f44540b8
commit
95b4393147
1 changed files with 3 additions and 14 deletions
|
@ -14,13 +14,6 @@ let
|
||||||
sopsFileHash = mkOptionDefault (optionalString cfg.validateSopsFiles "${builtins.hashFile "sha256" config.sopsFile}");
|
sopsFileHash = mkOptionDefault (optionalString cfg.validateSopsFiles "${builtins.hashFile "sha256" config.sopsFile}");
|
||||||
};
|
};
|
||||||
options = {
|
options = {
|
||||||
enable = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = true;
|
|
||||||
description = ''
|
|
||||||
Sops secrets
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
name = mkOption {
|
name = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = config._module.args.name;
|
default = config._module.args.name;
|
||||||
|
@ -39,11 +32,7 @@ let
|
||||||
};
|
};
|
||||||
path = mkOption {
|
path = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = if !cfg.enable then
|
default = if config.neededForUsers then "/run/secrets-for-users/${config.name}" else "/run/secrets/${config.name}";
|
||||||
throw "`config.sops.secrets.${config.name}.path` was used but config.sops.enable is false"
|
|
||||||
else if config.neededForUsers
|
|
||||||
then "/run/secrets-for-users/${config.name}"
|
|
||||||
else "/run/secrets/${config.name}";
|
|
||||||
defaultText = "/run/secrets-for-users/$name when neededForUsers is set, /run/secrets/$name when otherwise.";
|
defaultText = "/run/secrets-for-users/$name when neededForUsers is set, /run/secrets/$name when otherwise.";
|
||||||
description = ''
|
description = ''
|
||||||
Path where secrets are symlinked to.
|
Path where secrets are symlinked to.
|
||||||
|
@ -51,7 +40,7 @@ let
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
format = mkOption {
|
format = mkOption {
|
||||||
type = types.enum [ "yaml" "json" "binary" ];
|
type = types.enum ["yaml" "json" "binary"];
|
||||||
default = cfg.defaultSopsFormat;
|
default = cfg.defaultSopsFormat;
|
||||||
description = ''
|
description = ''
|
||||||
File format used to decrypt the sops secret.
|
File format used to decrypt the sops secret.
|
||||||
|
@ -295,7 +284,7 @@ in {
|
||||||
|
|
||||||
sops.environment.SOPS_GPG_EXEC = mkIf (cfg.gnupg.home != null) (mkDefault "${pkgs.gnupg}/bin/gpg");
|
sops.environment.SOPS_GPG_EXEC = mkIf (cfg.gnupg.home != null) (mkDefault "${pkgs.gnupg}/bin/gpg");
|
||||||
|
|
||||||
system.activationScripts = lib.mkIf cfg.enable {
|
system.activationScripts = {
|
||||||
setupSecretsForUsers = mkIf (secretsForUsers != {}) (stringAfter ([ "specialfs" ] ++ optional cfg.age.generateKey "generate-age-key") ''
|
setupSecretsForUsers = mkIf (secretsForUsers != {}) (stringAfter ([ "specialfs" ] ++ optional cfg.age.generateKey "generate-age-key") ''
|
||||||
[ -e /run/current-system ] || echo setting up secrets for users...
|
[ -e /run/current-system ] || echo setting up secrets for users...
|
||||||
${withEnvironment "${sops-install-secrets}/bin/sops-install-secrets -ignore-passwd ${manifestForUsers}"}
|
${withEnvironment "${sops-install-secrets}/bin/sops-install-secrets -ignore-passwd ${manifestForUsers}"}
|
||||||
|
|