sops-nix

mirror of https://github.com/Mic92/sops-nix.git synced 2025-03-17 05:58:15 +00:00

Author	SHA1	Message	Date
Jeremy Fleischman	60e1bce199	Add support for `restartUnits` and `reloadUnits` for templates This fixes https://github.com/Mic92/sops-nix/issues/634	2024-11-08 06:34:20 +00:00
Jeremy Fleischman	c9f6b151cc	fix: create `template.path` symlink This fixes https://github.com/Mic92/sops-nix/issues/653. Note: `main.go` has been slowly accumulating shared logic between vanilla "secrets" and "templates". It feels to me like we could DRY up some of the logic in here by creating some shared "interface" that they both implement. I opted not to try to tackle that here, though.	2024-11-08 06:07:13 +00:00
Jeremy Fleischman	fe63071416	Improve activation messages about rendered templates This fixes https://github.com/Mic92/sops-nix/issues/652	2024-11-07 19:49:39 +00:00
Jeremy Fleischman	33f18b404e	Rework `restart-and-reload` to assert more strictly on the activation output I've reworked the test to assert on the entire output. This allows us to detect unexpected output without having to write weird "i expect this random string to not show up assertions", which aren't great at preventing regressions. I did have to change the code under test a little bit to make it behavior deterministically (by sorting the files it outputs). tl;dr: this demonstrates <https://github.com/Mic92/sops-nix/issues/652> but does not fix it. I will fix it in a subsequent commit.	2024-11-07 19:49:39 +00:00
Jeremy Fleischman	aa5caa129b	rebase, complete implementation	2024-11-06 04:55:41 +00:00
Martijn de Munnik	a4c33bfecb	Allow to set uid and gid instead of owner and group. No checks will be performed when uid and gid are set. ``` sops.secrets = { sslCertificate = { sopsFile = ./secrets.yaml; owner = ""; group = ""; uid = config.containers."nginx".config.users.users."nginx".uid; gid = config.containers."nginx".config.users.groups."nginx".gid; }; sslCertificateKey = { sopsFile = ./secrets.yaml; owner = ""; group = ""; uid = config.containers."nginx".config.users.users."nginx".uid; gid = config.containers."nginx".config.users.groups."nginx".gid; }; }; ``` Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>	2024-10-23 07:38:42 +00:00
Jörg Thalheim	2750ed784e	nixos-tests: enable system switch again	2024-10-06 16:02:18 +00:00
r-vdp	d9d781523a	Support userborn	2024-09-05 12:42:46 +00:00
Ramses	5db5921e40	Reuse the existing nixpkgs instance for the tests instead of re-importing it (#611 ) Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2024-09-01 14:30:42 +00:00
the-furry-hubofeverything	74f03c1a51	Refuse age keyfile paths that are in the nix store	2024-04-18 08:17:46 +00:00
Jörg Thalheim	695275c349	make sops-install-secrets work with sysusers	2024-02-12 15:30:32 +01:00
Jörg Thalheim	2168851d58	nixos-tests: drop < 23.11 compat code	2024-02-08 13:05:11 +00:00
pizmovc	0a9d5e41f6	fixup! Rename passwordFile to hashedPasswordFile	2023-11-06 06:36:07 +00:00
pizmovc	4e3f66f703	Rename passwordFile to hashedPasswordFile This follows the rename that was done in nixpkgs. Reference PR https://github.com/NixOS/nixpkgs/pull/254080	2023-11-06 06:36:07 +00:00
mlatus	4de4d820ba	fix scope in sops.templates; add relevant test	2023-04-18 12:47:12 +08:00
mlatus	bae4d46397	add test for sops.templates	2023-03-23 23:06:04 +08:00
Janne Heß	8f8e4e7cdd	Fix test indentation once and for all	2022-07-09 00:07:09 +02:00
Janne Heß	a94c4a7d40	Remove the 21.11 version	2022-07-04 20:23:46 +02:00
Jörg Thalheim	5d69dafb8d	no longer use deprecated `.machine` attribute in nixos tests	2022-05-25 08:55:27 +02:00
Janne Heß	5e2f743edd	Re-add service restarts We also have service reloads now, so add them as well	2022-03-14 17:30:56 +01:00
Janne Heß	23259ded2c	Remove restart logic from README and test The required code in nixpkgs was reverted so we should not advertise a feature that does not work. We can revert this commit if the feature is re-merged into 22.05 with the proper version in it.	2021-11-29 10:24:45 +01:00
Janne Heß	bac2a891b7	Fix user passwords disappearing Also add a test case for this. Closes #137	2021-11-13 14:17:51 +01:00
Janne Heß	af29ac4d84	Prune old secrets generations Closes #128	2021-11-09 23:17:55 +01:00
Janne Heß	bac08f6919	Allow setting user passwords	2021-11-07 13:53:16 +01:00
Janne Heß	9683d128bd	Add support for restarting/reloading units	2021-11-07 12:37:57 +01:00
Janne Heß	2b9a0815ca	Implement nested secrets	2021-09-30 21:49:47 +02:00
Jörg Thalheim	c5e0f55d8d	nixos-tests: fix identations	2021-09-30 21:09:26 +02:00
Janne Heß	4cebc08062	Fix age key generation and test it	2021-09-30 15:28:39 +02:00
Janne Heß	4568162629	Import age ssh keys by default	2021-09-24 12:09:53 +02:00
Janne Heß	db8fcb50a3	Add support for ssh-generated age keys	2021-09-24 12:09:52 +02:00
Janne Heß	b21c0ce3a8	Group gnupg and age in the module	2021-09-24 12:09:52 +02:00
Janne Heß	f5a2ba217b	Add age support	2021-09-24 12:09:52 +02:00
Janne Heß	ebfa120b52	Fix pipeline on unstable	2021-09-17 21:08:34 +02:00
Jörg Thalheim	34a650555e	fix nixos-test We no longer require membership in keys group.	2021-07-03 08:20:27 +02:00
Eduard Bopp	0be44e088b	Fix impurity in test invocation The system must be specified, as its default is `builtins.currentSystem`, which is disallowed as an impure function during flake evaluation.	2021-01-26 15:48:56 +01:00
Jörg Thalheim	bffb0afb48	fix replace existing files	2020-07-19 23:23:38 +01:00
Jörg Thalheim	59803f7530	fix user manifest validation in sandbox we should not lookup users there	2020-07-19 21:04:58 +01:00
Jörg Thalheim	4eda6711ba	fix /etc/secrets.d permissions	2020-07-14 13:21:07 +01:00
Jörg Thalheim	7bd84011ef	fix sops nixos module	2020-07-12 17:52:03 +01:00
Jörg Thalheim	1745bb9f95	build nixos tests on CI.	2020-07-12 17:45:31 +01:00
Jörg Thalheim	38e71e351c	reference nixos tests in sops-install-secrets	2020-07-12 16:59:20 +01:00
Jörg Thalheim	b75e51c423	add tests + ssh key support	2020-07-12 13:50:55 +01:00

42 commits