mirrors/sops-nix
mirrors/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2025-03-16 05:28:15 +00:00
Code Activity

Revert "allow to disable sops"

Browse source 
This reverts commit 43f44540b8.

This commit was not intended for master
This commit is contained in:
Jörg Thalheim 2022-02-07 14:34:38 +01:00
parent 43f44540b8
commit 95b4393147
No known key found for this signature in database
1 changed files with 3 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
modules/sops/default.nix
View file

@ -14,13 +14,6 @@ let
sopsFileHash = mkOptionDefault (optionalString cfg.validateSopsFiles "${builtins.hashFile "sha256" config.sopsFile}"); sopsFileHash = mkOptionDefault (optionalString cfg.validateSopsFiles "${builtins.hashFile "sha256" config.sopsFile}");
}; };
options = { options = {
enable = mkOption {
type = types.bool;
default = true;
description = ''
Sops secrets
'';
};
name = mkOption { name = mkOption {
type = types.str; type = types.str;
default = config._module.args.name; default = config._module.args.name;
@ -39,11 +32,7 @@ let
}; };
path = mkOption { path = mkOption {
type = types.str; type = types.str;
default = if !cfg.enable then default = if config.neededForUsers then "/run/secrets-for-users/${config.name}" else "/run/secrets/${config.name}";
throw "`config.sops.secrets.${config.name}.path` was used but config.sops.enable is false"
else if config.neededForUsers
then "/run/secrets-for-users/${config.name}"
else "/run/secrets/${config.name}";
defaultText = "/run/secrets-for-users/$name when neededForUsers is set, /run/secrets/$name when otherwise."; defaultText = "/run/secrets-for-users/$name when neededForUsers is set, /run/secrets/$name when otherwise.";
description = '' description = ''
Path where secrets are symlinked to. Path where secrets are symlinked to.
@ -51,7 +40,7 @@ let
''; '';
}; };
format = mkOption { format = mkOption {
type = types.enum [ "yaml" "json" "binary" ]; type = types.enum ["yaml" "json" "binary"];
default = cfg.defaultSopsFormat; default = cfg.defaultSopsFormat;
description = '' description = ''
File format used to decrypt the sops secret. File format used to decrypt the sops secret.
@ -295,7 +284,7 @@ in {
sops.environment.SOPS_GPG_EXEC = mkIf (cfg.gnupg.home != null) (mkDefault "${pkgs.gnupg}/bin/gpg"); sops.environment.SOPS_GPG_EXEC = mkIf (cfg.gnupg.home != null) (mkDefault "${pkgs.gnupg}/bin/gpg");
system.activationScripts = lib.mkIf cfg.enable { system.activationScripts = {
setupSecretsForUsers = mkIf (secretsForUsers != {}) (stringAfter ([ "specialfs" ] ++ optional cfg.age.generateKey "generate-age-key") '' setupSecretsForUsers = mkIf (secretsForUsers != {}) (stringAfter ([ "specialfs" ] ++ optional cfg.age.generateKey "generate-age-key") ''
[ -e /run/current-system ] || echo setting up secrets for users... [ -e /run/current-system ] || echo setting up secrets for users...
${withEnvironment "${sops-install-secrets}/bin/sops-install-secrets -ignore-passwd ${manifestForUsers}"} ${withEnvironment "${sops-install-secrets}/bin/sops-install-secrets -ignore-passwd ${manifestForUsers}"}