mirror of https://github.com/Mic92/sops-nix.git synced 2025-03-17 05:58:15 +00:00
Commit graph

42 commits

Author SHA1 Message Date
Jeremy Fleischman
60e1bce199 Add support for restartUnits and reloadUnits for templates
This fixes https://github.com/Mic92/sops-nix/issues/634
2024-11-08 06:34:20 +00:00
Jeremy Fleischman
c9f6b151cc fix: create template.path symlink
This fixes https://github.com/Mic92/sops-nix/issues/653.

Note: `main.go` has been slowly accumulating shared logic between vanilla
"secrets" and "templates". It feels to me like we could DRY up some of
the logic in here by creating some shared "interface" that they both
implement. I opted not to try to tackle that here, though.
2024-11-08 06:07:13 +00:00
Jeremy Fleischman
fe63071416 Improve activation messages about rendered templates
This fixes https://github.com/Mic92/sops-nix/issues/652
2024-11-07 19:49:39 +00:00
Jeremy Fleischman
33f18b404e Rework restart-and-reload to assert more strictly on the activation output
I've reworked the test to assert on the entire output. This allows us to
detect unexpected output without having to write weird "I expect this
random string to *not* show up" assertions, which aren't great at
preventing regressions.

I did have to change the code under test a little bit to make it
behave deterministically (by sorting the files it outputs).

tl;dr: this demonstrates <https://github.com/Mic92/sops-nix/issues/652>
but does not fix it. I will fix it in a subsequent commit.
2024-11-07 19:49:39 +00:00
Jeremy Fleischman
aa5caa129b rebase, complete implementation 2024-11-06 04:55:41 +00:00
Martijn de Munnik
a4c33bfecb Allow to set uid and gid instead of owner and group. No checks will be performed when uid and gid are set.
```
sops.secrets = {
  sslCertificate = {
    sopsFile = ./secrets.yaml;
    owner = "";
    group = "";
    uid = config.containers."nginx".config.users.users."nginx".uid;
    gid = config.containers."nginx".config.users.groups."nginx".gid;
  };
  sslCertificateKey = {
    sopsFile = ./secrets.yaml;
    owner = "";
    group = "";
    uid = config.containers."nginx".config.users.users."nginx".uid;
    gid = config.containers."nginx".config.users.groups."nginx".gid;
  };
};
```

Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2024-10-23 07:38:42 +00:00
Jörg Thalheim
2750ed784e nixos-tests: enable system switch again 2024-10-06 16:02:18 +00:00
r-vdp
d9d781523a Support userborn 2024-09-05 12:42:46 +00:00
Ramses
5db5921e40
Reuse the existing nixpkgs instance for the tests instead of re-importing it (#611)
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2024-09-01 14:30:42 +00:00
the-furry-hubofeverything
74f03c1a51 Refuse age keyfile paths that are in the nix store 2024-04-18 08:17:46 +00:00
Jörg Thalheim
695275c349 make sops-install-secrets work with sysusers 2024-02-12 15:30:32 +01:00
Jörg Thalheim
2168851d58 nixos-tests: drop < 23.11 compat code 2024-02-08 13:05:11 +00:00
pizmovc
0a9d5e41f6 fixup! Rename passwordFile to hashedPasswordFile 2023-11-06 06:36:07 +00:00
pizmovc
4e3f66f703 Rename passwordFile to hashedPasswordFile
This follows the rename that was done in nixpkgs.

Reference PR https://github.com/NixOS/nixpkgs/pull/254080
2023-11-06 06:36:07 +00:00
mlatus
4de4d820ba fix scope in sops.templates; add relevant test 2023-04-18 12:47:12 +08:00
mlatus
bae4d46397 add test for sops.templates 2023-03-23 23:06:04 +08:00
Janne Heß
8f8e4e7cdd
Fix test indentation once and for all 2022-07-09 00:07:09 +02:00
Janne Heß
a94c4a7d40
Remove the 21.11 version 2022-07-04 20:23:46 +02:00
Jörg Thalheim
5d69dafb8d
no longer use deprecated .machine attribute in nixos tests 2022-05-25 08:55:27 +02:00
Janne Heß
5e2f743edd
Re-add service restarts
We also have service reloads now, so add them as well
2022-03-14 17:30:56 +01:00
Janne Heß
23259ded2c Remove restart logic from README and test
The required code in nixpkgs was reverted so we should not advertise a
feature that does not work. We can revert this commit if the feature is
re-merged into 22.05 with the proper version in it.
2021-11-29 10:24:45 +01:00
Janne Heß
bac2a891b7
Fix user passwords disappearing
Also add a test case for this.
Closes #137
2021-11-13 14:17:51 +01:00
Janne Heß
af29ac4d84
Prune old secrets generations
Closes #128
2021-11-09 23:17:55 +01:00
Janne Heß
bac08f6919
Allow setting user passwords 2021-11-07 13:53:16 +01:00
Janne Heß
9683d128bd
Add support for restarting/reloading units 2021-11-07 12:37:57 +01:00
Janne Heß
2b9a0815ca
Implement nested secrets 2021-09-30 21:49:47 +02:00
Jörg Thalheim
c5e0f55d8d nixos-tests: fix indentations 2021-09-30 21:09:26 +02:00
Janne Heß
4cebc08062
Fix age key generation and test it 2021-09-30 15:28:39 +02:00
Janne Heß
4568162629
Import age ssh keys by default 2021-09-24 12:09:53 +02:00
Janne Heß
db8fcb50a3
Add support for ssh-generated age keys 2021-09-24 12:09:52 +02:00
Janne Heß
b21c0ce3a8
Group gnupg and age in the module 2021-09-24 12:09:52 +02:00
Janne Heß
f5a2ba217b
Add age support 2021-09-24 12:09:52 +02:00
Janne Heß
ebfa120b52
Fix pipeline on unstable 2021-09-17 21:08:34 +02:00
Jörg Thalheim
34a650555e
fix nixos-test
We no longer require membership in keys group.
2021-07-03 08:20:27 +02:00
Eduard Bopp
0be44e088b Fix impurity in test invocation
The system must be specified, as its default is
`builtins.currentSystem`, which is disallowed as an impure function
during flake evaluation.
2021-01-26 15:48:56 +01:00
Jörg Thalheim
bffb0afb48
fix replace existing files 2020-07-19 23:23:38 +01:00
Jörg Thalheim
59803f7530
fix user manifest validation in sandbox
we should not look up users there
2020-07-19 21:04:58 +01:00
Jörg Thalheim
4eda6711ba
fix /etc/secrets.d permissions 2020-07-14 13:21:07 +01:00
Jörg Thalheim
7bd84011ef
fix sops nixos module 2020-07-12 17:52:03 +01:00
Jörg Thalheim
1745bb9f95
build nixos tests on CI. 2020-07-12 17:45:31 +01:00
Jörg Thalheim
38e71e351c
reference nixos tests in sops-install-secrets 2020-07-12 16:59:20 +01:00
Jörg Thalheim
b75e51c423
add tests + ssh key support 2020-07-12 13:50:55 +01:00