Jeremy Fleischman
60e1bce199
Add support for restartUnits and reloadUnits for templates
...
This fixes https://github.com/Mic92/sops-nix/issues/634
2024-11-08 06:34:20 +00:00
Jeremy Fleischman
c9f6b151cc
fix: create template.path symlink
...
This fixes https://github.com/Mic92/sops-nix/issues/653.
Note: `main.go` has been slowly accumulating shared logic between vanilla
"secrets" and "templates". It feels to me like we could DRY up some of
the logic in here by creating some shared "interface" that they both
implement. I opted not to try to tackle that here, though.
2024-11-08 06:07:13 +00:00
Jeremy Fleischman
fe63071416
Improve activation messages about rendered templates
...
This fixes https://github.com/Mic92/sops-nix/issues/652
2024-11-07 19:49:39 +00:00
Jeremy Fleischman
33f18b404e
Rework restart-and-reload to assert more strictly on the activation output
...
I've reworked the test to assert on the entire output. This allows us to
detect unexpected output without having to write weird "I expect this
random string to *not* show up assertions", which aren't great at
preventing regressions.
I did have to change the code under test a little bit to make it
behave deterministically (by sorting the files it outputs).
tl;dr: this demonstrates <https://github.com/Mic92/sops-nix/issues/652>
but does not fix it. I will fix it in a subsequent commit.
2024-11-07 19:49:39 +00:00
Jeremy Fleischman
aa5caa129b
rebase, complete implementation
2024-11-06 04:55:41 +00:00
Martijn de Munnik
a4c33bfecb
Allow to set uid and gid instead of owner and group. No checks will be performed when uid and gid are set.
...
```
sops.secrets = {
  sslCertificate = {
    sopsFile = ./secrets.yaml;
    owner = "";
    group = "";
    uid = config.containers."nginx".config.users.users."nginx".uid;
    gid = config.containers."nginx".config.users.groups."nginx".gid;
  };
  sslCertificateKey = {
    sopsFile = ./secrets.yaml;
    owner = "";
    group = "";
    uid = config.containers."nginx".config.users.users."nginx".uid;
    gid = config.containers."nginx".config.users.groups."nginx".gid;
  };
};
```
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2024-10-23 07:38:42 +00:00
Jörg Thalheim
2750ed784e
nixos-tests: enable system switch again
2024-10-06 16:02:18 +00:00
r-vdp
d9d781523a
Support userborn
2024-09-05 12:42:46 +00:00
Ramses
5db5921e40
Reuse the existing nixpkgs instance for the tests instead of re-importing it (#611)
...
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2024-09-01 14:30:42 +00:00
the-furry-hubofeverything
74f03c1a51
Refuse age keyfile paths that are in the nix store
2024-04-18 08:17:46 +00:00
Jörg Thalheim
695275c349
make sops-install-secrets work with sysusers
2024-02-12 15:30:32 +01:00
Jörg Thalheim
2168851d58
nixos-tests: drop < 23.11 compat code
2024-02-08 13:05:11 +00:00
pizmovc
0a9d5e41f6
fixup! Rename passwordFile to hashedPasswordFile
2023-11-06 06:36:07 +00:00
pizmovc
4e3f66f703
Rename passwordFile to hashedPasswordFile
...
This follows the rename that was done in nixpkgs.
Reference PR https://github.com/NixOS/nixpkgs/pull/254080
2023-11-06 06:36:07 +00:00
mlatus
4de4d820ba
fix scope in sops.templates; add relevant test
2023-04-18 12:47:12 +08:00
mlatus
bae4d46397
add test for sops.templates
2023-03-23 23:06:04 +08:00
Janne Heß
8f8e4e7cdd
Fix test indentation once and for all
2022-07-09 00:07:09 +02:00
Janne Heß
a94c4a7d40
Remove the 21.11 version
2022-07-04 20:23:46 +02:00
Jörg Thalheim
5d69dafb8d
no longer use deprecated .machine attribute in nixos tests
2022-05-25 08:55:27 +02:00
Janne Heß
5e2f743edd
Re-add service restarts
...
We also have service reloads now, so add them as well
2022-03-14 17:30:56 +01:00
Janne Heß
23259ded2c
Remove restart logic from README and test
...
The required code in nixpkgs was reverted so we should not advertise a
feature that does not work. We can revert this commit if the feature is
re-merged into 22.05 with the proper version in it.
2021-11-29 10:24:45 +01:00
Janne Heß
bac2a891b7
Fix user passwords disappearing
...
Also add a test case for this.
Closes #137
2021-11-13 14:17:51 +01:00
Janne Heß
af29ac4d84
Prune old secrets generations
...
Closes #128
2021-11-09 23:17:55 +01:00
Janne Heß
bac08f6919
Allow setting user passwords
2021-11-07 13:53:16 +01:00
Janne Heß
9683d128bd
Add support for restarting/reloading units
2021-11-07 12:37:57 +01:00
Janne Heß
2b9a0815ca
Implement nested secrets
2021-09-30 21:49:47 +02:00
Jörg Thalheim
c5e0f55d8d
nixos-tests: fix indentations
2021-09-30 21:09:26 +02:00
Janne Heß
4cebc08062
Fix age key generation and test it
2021-09-30 15:28:39 +02:00
Janne Heß
4568162629
Import age ssh keys by default
2021-09-24 12:09:53 +02:00
Janne Heß
db8fcb50a3
Add support for ssh-generated age keys
2021-09-24 12:09:52 +02:00
Janne Heß
b21c0ce3a8
Group gnupg and age in the module
2021-09-24 12:09:52 +02:00
Janne Heß
f5a2ba217b
Add age support
2021-09-24 12:09:52 +02:00
Janne Heß
ebfa120b52
Fix pipeline on unstable
2021-09-17 21:08:34 +02:00
Jörg Thalheim
34a650555e
fix nixos-test
...
We no longer require membership in keys group.
2021-07-03 08:20:27 +02:00
Eduard Bopp
0be44e088b
Fix impurity in test invocation
...
The system must be specified, as its default is
`builtins.currentSystem`, which is disallowed as an impure function
during flake evaluation.
2021-01-26 15:48:56 +01:00
Jörg Thalheim
bffb0afb48
fix replace existing files
2020-07-19 23:23:38 +01:00
Jörg Thalheim
59803f7530
fix user manifest validation in sandbox
...
we should not look up users there
2020-07-19 21:04:58 +01:00
Jörg Thalheim
4eda6711ba
fix /etc/secrets.d permissions
2020-07-14 13:21:07 +01:00
Jörg Thalheim
7bd84011ef
fix sops nixos module
2020-07-12 17:52:03 +01:00
Jörg Thalheim
1745bb9f95
build nixos tests on CI.
2020-07-12 17:45:31 +01:00
Jörg Thalheim
38e71e351c
reference nixos tests in sops-install-secrets
2020-07-12 16:59:20 +01:00
Jörg Thalheim
b75e51c423
add tests + ssh key support
2020-07-12 13:50:55 +01:00