mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-14 11:57:52 +00:00
Commit graph

120 commits

Author SHA1 Message Date
Mic92
339a559402 Add configuration option to use tmpfs in place of ramfs (#355)
allow use of tmpfs via option configuration

* Tabs vs Spaces

* Update modules/sops/default.nix

* Update modules/sops/default.nix
2023-08-12 09:45:08 +01:00
Jörg Thalheim
62a7c95c8c vendorHash: make it overridable 2023-07-15 06:49:20 +00:00
Roman Gonzalez
2ff6973350 fix(darwin): RuntimeDir trailing slash
In later versions of macOS (e.g. Ventura), the command used to get a
runtime directory (e.g. `getconf DARWIN_USER_TEMP_DIR`) returns a
trailing slash.

When using a configuration like:

```
sops.defaultSecretsMountPoint = "%r/secrets.d";
```

The final path is going to contain a double slash in the suffix of the
path, an example:

```
/var/<random>/<hash>//secrets.d
```

This commit ensures that the runtime dir will get the trailing '/'
character removed.
2023-06-22 01:49:29 +00:00
Roman Gonzalez
4ce3cc3428 fix(darwin): use chown only on non user mode
On the latest version of macOS (Ventura 13.4 as of this date), this
change of ownership will always fail with the error:

> Failed to mount filesystem for secrets: Cannot change owner/group of '.../secrets.d' to 0/0: chown .../secrets.d: operation not permitted
2023-06-22 01:49:29 +00:00
Jörg Thalheim
2e77ca66d8
Merge pull request #326 from Mic92/deprecation-stuff
fix makeSetupHook deprecations
2023-05-08 05:58:13 +01:00
Jörg Thalheim
b84b3177a1 fix makeSetupHook's also for older nixos release 2023-05-08 06:48:56 +02:00
mlatus
4de4d820ba fix scope in sops.templates; add relevant test 2023-04-18 12:47:12 +08:00
mlatus
bae4d46397 add test for sops.templates 2023-03-23 23:06:04 +08:00
Tomas Zaluckij
bea992ff5e
fix makeSetupHook deprecations 2023-03-17 21:03:25 +00:00
Jörg Thalheim
4e50640bac go: drop deprecated ioutil 2023-02-28 09:44:31 +01:00
Pogobanane
716ccf8147 sops-install-secrets: disable unittest for darwin
because $unittest is undefined on darwin and breaks the build/test
2023-02-02 12:07:00 +01:00
Pogobanane
466d039190 darwin/home-manager: %r dir 2023-02-02 12:07:00 +01:00
Pogobanane
98834d958b darwin: impl MountSecretFs 2023-02-02 12:07:00 +01:00
Pogobanane
58ceff1f7b darwin: workaround missing user 2023-02-02 12:07:00 +01:00
Pogobanane
e6ccc740d8 darwin: impl SecureSymlinkChown 2023-02-02 12:07:00 +01:00
Pogobanane
783af739d2 fix go tests for darwin 2023-02-02 12:07:00 +01:00
Pogobanane
4f3d45c058 go files for darwin
fixup
2023-02-02 11:38:33 +01:00
Janne Heß
7f38c98162 More review fixups 2023-02-02 11:38:03 +01:00
Janne Heß
3afa9ca553 Fixup review comments 2023-02-02 11:38:03 +01:00
Janne Heß
acaf36a1bf Implement home-manager support
Closes #62
Closes #163
2023-02-02 11:38:03 +01:00
Jörg Thalheim
f234b0c865
TestIsValidFormat: don't use deprecated golang function 2023-02-01 22:08:03 +01:00
Jörg Thalheim
415302126e
Merge pull request #262 from lucasew/feat/type-dotenv
format type: add dotenv and ini
2023-02-01 21:54:15 +01:00
Nick Cao
a88f9dd22d
Fix build of sops-install-secrets after https://github.com/NixOS/nixpkgs/pull/212800 2023-02-01 13:16:38 +08:00
lucasew
eb09a61dc9 format type: add dotenv and ini
Signed-off-by: lucasew <lucas59356@gmail.com>
2023-01-17 10:55:52 -03:00
Jörg Kütemeier
7e0e679050
Update pkgs/sops-init-gpg-key/sops-init-gpg-key
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2023-01-11 10:00:33 +01:00
Jörg Kütemeier
0ef86b61ee
Update pkgs/sops-init-gpg-key/sops-init-gpg-key
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2023-01-11 10:00:25 +01:00
Jörg Kütemeier
965743c678
Add optional generation of Curve25519 type GPG keys 2023-01-05 22:51:58 +01:00
Sandro
a7a614f429
Remove unused code 2022-11-02 17:09:40 +01:00
Jörg Thalheim
9a381e3b2d no longer use out-dated aliases 2022-09-26 16:28:23 +02:00
Janne Heß
f0dddc1486
Fix lookup of users/groups in dry activation
This fails otherwise as the users snippet was not executed and the
user/group does not exist.

Closes #222
2022-08-25 16:14:10 +02:00
Jörg Thalheim
2c898a6d76
Merge pull request #205 from Mic92/fix/test-indentation
Fix test indentation once and for all
2022-07-10 19:28:03 +02:00
Janne Heß
8f8e4e7cdd
Fix test indentation once and for all 2022-07-09 00:07:09 +02:00
Janne Heß
cb4c79633d
Also print imported age keys 2022-07-09 00:04:54 +02:00
Janne Heß
a94c4a7d40
Remove the 21.11 version 2022-07-04 20:23:46 +02:00
Jörg Thalheim
5d69dafb8d
no longer use deprecated .machine attribute in nixos tests 2022-05-25 08:55:27 +02:00
Jörg Thalheim
150afcb240
move all nix expressions to pkgs 2022-05-15 08:19:33 +02:00
Janne Heß
5e2f743edd
Re-add service restarts
We also have service reloads now, so add them as well
2022-03-14 17:30:56 +01:00
Janne Heß
8677dd6909
Replace separator for nested keys for consistency 2021-11-29 12:20:25 +01:00
Janne Heß
23259ded2c Remove restart logic from README and test
The required code in nixpkgs was reverted so we should not advertise a
feature that does not work. We can revert this commit if the feature is
re-merged into 22.05 with the proper version in it.
2021-11-29 10:24:45 +01:00
Janne Heß
edb3913e10
Remove debug text 2021-11-23 22:32:41 +01:00
Janne Heß
bac2a891b7
Fix user passwords disappearing
Also add a test case for this.
Closes #137
2021-11-13 14:17:51 +01:00
Janne Heß
af29ac4d84
Prune old secrets generations
Closes #128
2021-11-09 23:17:55 +01:00
Janne Heß
bac08f6919
Allow setting user passwords 2021-11-07 13:53:16 +01:00
Janne Heß
79706f6748
Fix secrets mount point and remove default 2021-11-07 13:00:05 +01:00
Janne Heß
9683d128bd
Add support for restarting/reloading units 2021-11-07 12:37:57 +01:00
Janne Heß
2b9a0815ca
Implement nested secrets 2021-09-30 21:49:47 +02:00
Jörg Thalheim
c5e0f55d8d nixos-tests: fix indentations 2021-09-30 21:09:26 +02:00
Janne Heß
4cebc08062
Fix age key generation and test it 2021-09-30 15:28:39 +02:00
Janne Heß
5db02f2939
Import age keyfile and ssh keys at the same time 2021-09-30 15:07:30 +02:00
Janne Heß
9083e64fb9
Swap order of age ssh keys and the key file
It makes more sense to import the key when we have one and ignore the
SSH keys instead of only importing the key when we have no SSH keys.
This is because we import all SSH keys by default in the module and
using a key file means the user has to explicitly unset the SSH keys.
2021-09-30 14:05:38 +02:00