
feat(home-manager/sops): add environment variable configuration

Added support for configuring environment variables before calling
`sops-install-secrets`. Introduced a new `environment` option which
allows specifying environment variables. Modified systemd service
and launchd agent to use the specified environment variables.
Mark Sisson 2024-09-05 10:46:27 -05:00 committed by mergify[bot]
parent a4c33bfecb
commit d089e742fb


@ -96,10 +96,7 @@ let
escapedAgeKeyFile = lib.escapeShellArg cfg.age.keyFile; escapedAgeKeyFile = lib.escapeShellArg cfg.age.keyFile;
script = toString (pkgs.writeShellScript "sops-nix-user" ((lib.optionalString (cfg.gnupg.home != null) '' script = toString (pkgs.writeShellScript "sops-nix-user" ((lib.optionalString cfg.age.generateKey ''
export SOPS_GPG_EXEC=${pkgs.gnupg}/bin/gpg
'')
+ (lib.optionalString cfg.age.generateKey ''
if [[ ! -f ${escapedAgeKeyFile} ]]; then if [[ ! -f ${escapedAgeKeyFile} ]]; then
echo generating machine-specific age key... echo generating machine-specific age key...
${pkgs.coreutils}/bin/mkdir -p $(${pkgs.coreutils}/bin/dirname ${escapedAgeKeyFile}) ${pkgs.coreutils}/bin/mkdir -p $(${pkgs.coreutils}/bin/dirname ${escapedAgeKeyFile})
@ -174,6 +171,16 @@ in {
description = "What to log"; description = "What to log";
}; };
environment = lib.mkOption {
type = lib.types.attrsOf (lib.types.either lib.types.str lib.types.path);
default = {};
description = ''
Environment variables to set before calling sops-install-secrets.
To properly quote strings with quotes use lib.escapeShellArg.
'';
};
age = { age = {
keyFile = lib.mkOption { keyFile = lib.mkOption {
type = lib.types.nullOr pathNotInStore; type = lib.types.nullOr pathNotInStore;
@ -243,6 +250,8 @@ in {
}]) cfg.secrets) }]) cfg.secrets)
); );
sops.environment.SOPS_GPG_EXEC = lib.mkIf (cfg.gnupg.home != null || cfg.gnupg.sshKeyPaths != []) (lib.mkDefault "${pkgs.gnupg}/bin/gpg");
systemd.user.services.sops-nix = lib.mkIf pkgs.stdenv.hostPlatform.isLinux { systemd.user.services.sops-nix = lib.mkIf pkgs.stdenv.hostPlatform.isLinux {
Unit = { Unit = {
Description = "sops-nix activation"; Description = "sops-nix activation";
@ -251,6 +260,7 @@ in {
Type = "oneshot"; Type = "oneshot";
ExecStart = script; ExecStart = script;
}; };
Environment = builtins.concatStringsSep " " (lib.mapAttrsToList (name: value: "'${name}=${value}'") cfg.environment);
Install.WantedBy = if cfg.gnupg.home != null then [ "graphical-session-pre.target" ] else [ "default.target" ]; Install.WantedBy = if cfg.gnupg.home != null then [ "graphical-session-pre.target" ] else [ "default.target" ];
}; };
@ -259,6 +269,7 @@ in {
enable = true; enable = true;
config = { config = {
Program = script; Program = script;
EnvironmentVariables = cfg.environment;
KeepAlive = false; KeepAlive = false;
RunAtLoad = true; RunAtLoad = true;
StandardOutPath = "${config.home.homeDirectory}/Library/Logs/SopsNix/stdout"; StandardOutPath = "${config.home.homeDirectory}/Library/Logs/SopsNix/stdout";
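Review bot: The systemd side of the new option, `Environment = builtins.concatStringsSep " " (lib.mapAttrsToList (name: value: "'${name}=${value}'") cfg.environment);`, wraps each pair in single quotes but does not escape the value itself, so a value containing `'` breaks the unit's quoting and a value containing `%` is subject to systemd specifier expansion (it would need to be doubled to `%%`), while the launchd branch `EnvironmentVariables = cfg.environment;` passes the same attrset through verbatim. That makes the option description's advice "To properly quote strings with quotes use lib.escapeShellArg" actively misleading: a pre-quoted value ends up with literal quotes on launchd and nested quotes inside the systemd `Environment=` line. I would drop that sentence, escape at the point of use in the systemd branch (doubling `%` and quoting per systemd.syntax(7)), and, until that is done, reject values containing `'` or `%` with an assertion so the failure is at evaluation time rather than a silently mangled variable. Since the generated unit and plist presumably land in the Nix store (world-readable), the description should also carry a caveat along the lines of `Values are written verbatim into the generated systemd unit / launchd plist; do not put secrets here.` The surrounding `config` attrset begins before the first hunk and continues past the last one.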