mirrors/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-14 11:57:52 +00:00
Code Activity
747 commits 14 branches 1 tag 2.8 MiB
Commit graph

747 commits

This branch
This branch
All branches
Author SHA1 Message Date
github-actions[bot]
075df9d85e flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f63ce824cd2f036216eb5f637dfef31e1a03ee89' (2024-02-24)
  → 'github:NixOS/nixpkgs/458b097d81f90275b3fdf03796f0563844926708' (2024-03-02)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/89a2a12e6c8c6a56c72eb3589982c8e2f89c70ea' (2024-02-25)
  → 'github:NixOS/nixpkgs/66d65cb00b82ffa04ee03347595aa20e41fe3555' (2024-03-03)
 2024-03-03 03:01:51 +00:00
dependabot[bot]
a1c8de14f6 update vendorHash 2024-02-26 22:51:07 +00:00
dependabot[bot]
e386e52abe build(deps): bump golang.org/x/crypto from 0.19.0 to 0.20.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.19.0 to 0.20.0.
- [Commits](https://github.com/golang/crypto/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-26 22:51:07 +00:00
github-actions[bot]
2874fbbe4a flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/6e2f00c83911461438301db0dba5281197fe4b3a' (2024-02-17)
  → 'github:NixOS/nixpkgs/f63ce824cd2f036216eb5f637dfef31e1a03ee89' (2024-02-24)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/69405156cffbdf2be50153f13cbdf9a0bea38e49' (2024-02-17)
  → 'github:NixOS/nixpkgs/89a2a12e6c8c6a56c72eb3589982c8e2f89c70ea' (2024-02-25)
 2024-02-25 03:01:16 +00:00
Quentin Smith
f6b80ab6cd Address review comments 2024-02-21 07:24:54 +00:00
Quentin Smith
fbec55367f modules/sops/templates: Support custom files as secret templates 
This exposes the `file` option, which can be used with `pkgs.formats` to write additional configuration formats.
 2024-02-21 07:24:54 +00:00
dependabot[bot]
acfcce2a36 update vendorHash 2024-02-20 19:09:21 +00:00
dependabot[bot]
a13fc353ca build(deps): bump golang.org/x/crypto from 0.18.0 to 0.19.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.18.0 to 0.19.0.
- [Commits](https://github.com/golang/crypto/compare/v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-20 19:09:21 +00:00
dependabot[bot]
a5932c85e1 update vendorHash 2024-02-20 18:18:50 +00:00
dependabot[bot]
203f3fd655 build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/sys/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-20 18:18:50 +00:00
w4tsn
5611ba15f1 add nix config snippet to restart sops-nix service 
As home-manager does not restart the `sops-nix` unit automatically
a snippet to instruct home-manager to do so is added.

Home-manager could be instructed to restart the user service from the
sops-nix home-manager module instead. Usually home-manager restarts
units which changed. Since the sops-nix unit does not change when
secrets change this does not trigger automatically.

There are two options:
- let sops-nix home-manager module compute a chained hash over all
  secrets and place it inside the unit file, so it changes every time
  the secrets change
- use X-SwitchMethod and X-Restart-Triggers
  See nix-community/home-manager#3865
 2024-02-20 18:04:56 +00:00
DDoSolitary
f88661c9a9 Revert "don't substitute binaries" 
This reverts commit 7711514b85.

With db82bcafd4, we no longer need to
ensure that the pair list only contains utf-8 text, as long as users
don't reference non-utf-8 data in template content.
Fixes Mic92/sops-nix#439.
 2024-02-20 16:46:05 +00:00
DDoSolitary
f805f3061a template rendering should only read referenced secrets 
Adds an extra check to determine if the placeholder ocurrs in template
content before actually reading the corresponding secret file.
In terms of performance, this adds an extra string search, but removes
possibly unneceassary file reading if the secret is not used in the
template, though both of them should be negligible in most cases.
Fixes Mic92/sops-nix#496.
 2024-02-20 16:46:05 +00:00
github-actions[bot]
ffed177a9d flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/442d407992384ed9c0e6d352de75b69079904e4e' (2024-02-09)
  → 'github:NixOS/nixpkgs/6e2f00c83911461438301db0dba5281197fe4b3a' (2024-02-17)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/d8cd80616c8800feec0cab64331d7c3d5a1a6d98' (2024-02-10)
  → 'github:NixOS/nixpkgs/69405156cffbdf2be50153f13cbdf9a0bea38e49' (2024-02-17)
 2024-02-18 03:02:23 +00:00
Sirio Balmelli
48afd3264e home-manager/darwin: run sops-nix-user _once_ on login or activation 
Correct a bug where 'KeepAlive' in the launchd service
'org.nix-community.home.sops-nix.plist'
re-runs 'sops-nix-user' every few seconds.

This should run:

- once at boot
- once at home-manager profile activation

Signed-off-by: Sirio Balmelli <sirio@b-ad.ch>
 2024-02-13 17:36:42 +01:00
Jörg Thalheim
695275c349 make sops-install-secrets work with sysusers 2024-02-12 15:30:32 +01:00
github-actions[bot]
2eb7c4ba3a flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f8e2ebd66d097614d51a56a755450d4ae1632df1' (2024-02-07)
  → 'github:NixOS/nixpkgs/442d407992384ed9c0e6d352de75b69079904e4e' (2024-02-09)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/bc6cb3d59b7aab88e967264254f8c1aa4c0284e9' (2024-02-08)
  → 'github:NixOS/nixpkgs/d8cd80616c8800feec0cab64331d7c3d5a1a6d98' (2024-02-10)
 2024-02-11 03:03:34 +00:00
Jörg Thalheim
2168851d58 nixos-tests: drop < 23.11 compat code 2024-02-08 13:05:11 +00:00
Jörg Thalheim
98aa76b72e bump nixos-stable release 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/79a13f1437e149dc7be2d1290c74d378dad60814' (2024-02-03)
  → 'github:NixOS/nixpkgs/f8e2ebd66d097614d51a56a755450d4ae1632df1' (2024-02-07)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/9a333eaa80901efe01df07eade2c16d183761fa3' (2024-01-22)
  → 'github:NixOS/nixpkgs/bc6cb3d59b7aab88e967264254f8c1aa4c0284e9' (2024-02-08)
 2024-02-08 12:26:52 +00:00
Jörg Thalheim
00071af896 move secrets-fo-users to it's own module 
This preparation to support sysusers.
No behavior change.
 2024-02-08 12:26:52 +00:00
github-actions[bot]
23f61b897c flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/4fddc9be4eaf195d631333908f2a454b03628ee5' (2024-01-25)
  → 'github:NixOS/nixpkgs/79a13f1437e149dc7be2d1290c74d378dad60814' (2024-02-03)
 2024-02-04 02:59:07 +00:00
github-actions[bot]
73bf36912e flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e5d1c87f5813afde2dda384ac807c57a105721cc' (2024-01-19)
  → 'github:NixOS/nixpkgs/4fddc9be4eaf195d631333908f2a454b03628ee5' (2024-01-25)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/a1982c92d8980a0114372973cbdfe0a307f1bdea' (2024-01-12)
  → 'github:NixOS/nixpkgs/9a333eaa80901efe01df07eade2c16d183761fa3' (2024-01-22)
 2024-01-28 03:00:21 +00:00
Haru02w
4606d9b159 Add info about hash passwords 2024-01-24 22:06:12 +01:00
github-actions[bot]
ae171b54e7 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/eabe8d3eface69f5bb16c18f8662a702f50c20d5' (2024-01-09)
  → 'github:NixOS/nixpkgs/e5d1c87f5813afde2dda384ac807c57a105721cc' (2024-01-19)
 2024-01-21 02:59:43 +00:00
dependabot[bot]
8775533158 build(deps): bump cachix/install-nix-action from 24 to 25 
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 24 to 25.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v24...v25)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-15 22:14:37 +00:00
github-actions[bot]
70dd0d521f flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/63143ac2c9186be6d9da6035fa22620018c85932' (2024-01-02)
  → 'github:NixOS/nixpkgs/eabe8d3eface69f5bb16c18f8662a702f50c20d5' (2024-01-09)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/70bdadeb94ffc8806c0570eb5c2695ad29f0e421' (2024-01-03)
  → 'github:NixOS/nixpkgs/a1982c92d8980a0114372973cbdfe0a307f1bdea' (2024-01-12)
 2024-01-14 02:59:13 +00:00
Jörg Thalheim
c0b3a5af90 fix wrong error message in ssh key import 2024-01-10 18:37:54 +01:00
Jörg Thalheim
020dcff707 allow ssh key import to fail 
We import ssh keys by default if openssh is enabled.
However if users are using age keys while using sops to deploy ssh keys we have
a catch-22.
While users could use lib.mkForce to empty the list, this is not intuitive
 2024-01-10 17:59:57 +01:00
Jörg Thalheim
5bd3f71f07 Update README.md 2024-01-10 16:58:27 +00:00
EmergentMind
4cf467173b Update README.md 
Add  home-manager usage example that is inline with current recommended sops-nix installation approach. The required import path is substantially different than that of the other example, which has been retained.
 2024-01-10 16:58:27 +00:00
Enno Richter
6db9bd9ace fix typo in README.md 2024-01-10 16:53:11 +00:00
dependabot[bot]
0ded574120 update vendorHash 2024-01-08 22:35:04 +00:00
dependabot[bot]
6a5082dcc2 build(deps): bump golang.org/x/crypto from 0.17.0 to 0.18.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/crypto/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-08 22:35:04 +00:00
github-actions[bot]
f5fbcc0f50 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e1fa12d4f6c6fe19ccb59cac54b5b3f25e160870' (2023-12-25)
  → 'github:NixOS/nixpkgs/63143ac2c9186be6d9da6035fa22620018c85932' (2024-01-02)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/0aad9113182747452dbfc68b93c86e168811fa6c' (2023-12-30)
  → 'github:NixOS/nixpkgs/70bdadeb94ffc8806c0570eb5c2695ad29f0e421' (2024-01-03)
 2024-01-07 03:01:50 +00:00
github-actions[bot]
cfdbaf68d0 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/d6863cbcbbb80e71cecfc03356db1cda38919523' (2023-12-21)
  → 'github:NixOS/nixpkgs/e1fa12d4f6c6fe19ccb59cac54b5b3f25e160870' (2023-12-25)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/7790e078f8979a9fcd543f9a47427eeaba38f268' (2023-12-23)
  → 'github:NixOS/nixpkgs/0aad9113182747452dbfc68b93c86e168811fa6c' (2023-12-30)
 2023-12-31 03:01:57 +00:00
github-actions[bot]
e523e89763 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/aa9d4729cbc99dabacb50e3994dcefb3ea0f7447' (2023-12-14)
  → 'github:NixOS/nixpkgs/d6863cbcbbb80e71cecfc03356db1cda38919523' (2023-12-21)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/a19a71d1ee93226fd71984359552affbc1cd3dc3' (2023-12-17)
  → 'github:NixOS/nixpkgs/7790e078f8979a9fcd543f9a47427eeaba38f268' (2023-12-23)
 2023-12-24 03:11:42 +00:00
dependabot[bot]
f7db64b88d update vendorHash 2023-12-18 22:12:47 +00:00
dependabot[bot]
87bacb8118 build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-18 22:12:47 +00:00
EmergentMind
21f2b8f123 Remove confusing and redundant left over text 
This line is left over from a set of instructions that were previously incorporated into an early console example under "you can generate yourself a key:" above.
 2023-12-17 11:22:42 +00:00
github-actions[bot]
097f821488 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e9ef8a102c555da4f8f417fe5cf5bd539d8a38b7' (2023-12-08)
  → 'github:NixOS/nixpkgs/aa9d4729cbc99dabacb50e3994dcefb3ea0f7447' (2023-12-14)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/b8f33c044e51de6dde3ad80a9676945e0e4e3227' (2023-12-09)
  → 'github:NixOS/nixpkgs/a19a71d1ee93226fd71984359552affbc1cd3dc3' (2023-12-17)
 2023-12-17 03:00:46 +00:00
github-actions[bot]
d806e546f9 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f5c27c6136db4d76c30e533c20517df6864c46ee' (2023-11-30)
  → 'github:NixOS/nixpkgs/e9ef8a102c555da4f8f417fe5cf5bd539d8a38b7' (2023-12-08)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/dc01248a9c946953ad4d438b0a626f5c987a93e4' (2023-12-03)
  → 'github:NixOS/nixpkgs/b8f33c044e51de6dde3ad80a9676945e0e4e3227' (2023-12-09)
 2023-12-10 02:59:53 +00:00
dependabot[bot]
e91ece6d2c build(deps): bump cachix/install-nix-action from 23 to 24 
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 23 to 24.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v23...v24)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-04 22:14:12 +00:00
github-actions[bot]
8bca48cb9a flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/0bd59c54ef06bc34eca01e37d689f5e46b3fe2f1' (2023-11-24)
  → 'github:NixOS/nixpkgs/f5c27c6136db4d76c30e533c20517df6864c46ee' (2023-11-30)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/dfb95385d21475da10b63da74ae96d89ab352431' (2023-11-25)
  → 'github:NixOS/nixpkgs/dc01248a9c946953ad4d438b0a626f5c987a93e4' (2023-12-03)
 2023-12-03 03:00:36 +00:00
Jörg Thalheim
e19071f995 README: link to infra repo instead of my dotfiles 2023-12-02 11:58:18 +00:00
Jörg Thalheim
4abfe90153 README: link to video tutorial 2023-12-02 12:53:07 +01:00
dependabot[bot]
b1edbf5c04 update vendorHash 2023-11-27 23:22:33 +00:00
dependabot[bot]
f9442c477d build(deps): bump golang.org/x/crypto from 0.15.0 to 0.16.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/crypto/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-27 23:22:33 +00:00
github-actions[bot]
4be58d8026 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/7414e9ee0b3e9903c24d3379f577a417f0aae5f1' (2023-11-16)
  → 'github:NixOS/nixpkgs/0bd59c54ef06bc34eca01e37d689f5e46b3fe2f1' (2023-11-24)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/decdf666c833a325cb4417041a90681499e06a41' (2023-11-18)
  → 'github:NixOS/nixpkgs/dfb95385d21475da10b63da74ae96d89ab352431' (2023-11-25)
 2023-11-26 03:00:39 +00:00
github-actions[bot]
49a87c6c82 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9b92dad3804b543a8b5db878aabf7132d601fa91' (2023-11-07)
  → 'github:NixOS/nixpkgs/7414e9ee0b3e9903c24d3379f577a417f0aae5f1' (2023-11-16)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/9502d0245983bb233da8083b55d60d96fd3c29ff' (2023-11-12)
  → 'github:NixOS/nixpkgs/decdf666c833a325cb4417041a90681499e06a41' (2023-11-18)
 2023-11-19 03:00:23 +00:00
Sandro Jäckel
0e3a94167d sops-install-secrets: don't trigger a rebuild when flake.lock changes 
When you have a follow in your flake inputs, sops-install-secrets is
rebuild everytime the flake.lock changes despite that being a noop. When
filtering src this can be avoided.
 2023-11-14 08:42:18 +00:00