mirrors/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-14 11:57:52 +00:00
Code Activity
733 commits 14 branches 1 tag 2.8 MiB
Commit graph

733 commits

This branch
This branch
All branches
Author SHA1 Message Date
Sirio Balmelli
48afd3264e home-manager/darwin: run sops-nix-user _once_ on login or activation 
Correct a bug where 'KeepAlive' in the launchd service
'org.nix-community.home.sops-nix.plist'
re-runs 'sops-nix-user' every few seconds.

This should run:

- once at boot
- once at home-manager profile activation

Signed-off-by: Sirio Balmelli <sirio@b-ad.ch>
 2024-02-13 17:36:42 +01:00
Jörg Thalheim
695275c349 make sops-install-secrets work with sysusers 2024-02-12 15:30:32 +01:00
github-actions[bot]
2eb7c4ba3a flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f8e2ebd66d097614d51a56a755450d4ae1632df1' (2024-02-07)
  → 'github:NixOS/nixpkgs/442d407992384ed9c0e6d352de75b69079904e4e' (2024-02-09)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/bc6cb3d59b7aab88e967264254f8c1aa4c0284e9' (2024-02-08)
  → 'github:NixOS/nixpkgs/d8cd80616c8800feec0cab64331d7c3d5a1a6d98' (2024-02-10)
 2024-02-11 03:03:34 +00:00
Jörg Thalheim
2168851d58 nixos-tests: drop < 23.11 compat code 2024-02-08 13:05:11 +00:00
Jörg Thalheim
98aa76b72e bump nixos-stable release 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/79a13f1437e149dc7be2d1290c74d378dad60814' (2024-02-03)
  → 'github:NixOS/nixpkgs/f8e2ebd66d097614d51a56a755450d4ae1632df1' (2024-02-07)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/9a333eaa80901efe01df07eade2c16d183761fa3' (2024-01-22)
  → 'github:NixOS/nixpkgs/bc6cb3d59b7aab88e967264254f8c1aa4c0284e9' (2024-02-08)
 2024-02-08 12:26:52 +00:00
Jörg Thalheim
00071af896 move secrets-fo-users to it's own module 
This preparation to support sysusers.
No behavior change.
 2024-02-08 12:26:52 +00:00
github-actions[bot]
23f61b897c flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/4fddc9be4eaf195d631333908f2a454b03628ee5' (2024-01-25)
  → 'github:NixOS/nixpkgs/79a13f1437e149dc7be2d1290c74d378dad60814' (2024-02-03)
 2024-02-04 02:59:07 +00:00
github-actions[bot]
73bf36912e flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e5d1c87f5813afde2dda384ac807c57a105721cc' (2024-01-19)
  → 'github:NixOS/nixpkgs/4fddc9be4eaf195d631333908f2a454b03628ee5' (2024-01-25)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/a1982c92d8980a0114372973cbdfe0a307f1bdea' (2024-01-12)
  → 'github:NixOS/nixpkgs/9a333eaa80901efe01df07eade2c16d183761fa3' (2024-01-22)
 2024-01-28 03:00:21 +00:00
Haru02w
4606d9b159 Add info about hash passwords 2024-01-24 22:06:12 +01:00
github-actions[bot]
ae171b54e7 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/eabe8d3eface69f5bb16c18f8662a702f50c20d5' (2024-01-09)
  → 'github:NixOS/nixpkgs/e5d1c87f5813afde2dda384ac807c57a105721cc' (2024-01-19)
 2024-01-21 02:59:43 +00:00
dependabot[bot]
8775533158 build(deps): bump cachix/install-nix-action from 24 to 25 
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 24 to 25.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v24...v25)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-15 22:14:37 +00:00
github-actions[bot]
70dd0d521f flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/63143ac2c9186be6d9da6035fa22620018c85932' (2024-01-02)
  → 'github:NixOS/nixpkgs/eabe8d3eface69f5bb16c18f8662a702f50c20d5' (2024-01-09)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/70bdadeb94ffc8806c0570eb5c2695ad29f0e421' (2024-01-03)
  → 'github:NixOS/nixpkgs/a1982c92d8980a0114372973cbdfe0a307f1bdea' (2024-01-12)
 2024-01-14 02:59:13 +00:00
Jörg Thalheim
c0b3a5af90 fix wrong error message in ssh key import 2024-01-10 18:37:54 +01:00
Jörg Thalheim
020dcff707 allow ssh key import to fail 
We import ssh keys by default if openssh is enabled.
However if users are using age keys while using sops to deploy ssh keys we have
a catch-22.
While users could use lib.mkForce to empty the list, this is not intuitive
 2024-01-10 17:59:57 +01:00
Jörg Thalheim
5bd3f71f07 Update README.md 2024-01-10 16:58:27 +00:00
EmergentMind
4cf467173b Update README.md 
Add  home-manager usage example that is inline with current recommended sops-nix installation approach. The required import path is substantially different than that of the other example, which has been retained.
 2024-01-10 16:58:27 +00:00
Enno Richter
6db9bd9ace fix typo in README.md 2024-01-10 16:53:11 +00:00
dependabot[bot]
0ded574120 update vendorHash 2024-01-08 22:35:04 +00:00
dependabot[bot]
6a5082dcc2 build(deps): bump golang.org/x/crypto from 0.17.0 to 0.18.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/crypto/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-08 22:35:04 +00:00
github-actions[bot]
f5fbcc0f50 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e1fa12d4f6c6fe19ccb59cac54b5b3f25e160870' (2023-12-25)
  → 'github:NixOS/nixpkgs/63143ac2c9186be6d9da6035fa22620018c85932' (2024-01-02)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/0aad9113182747452dbfc68b93c86e168811fa6c' (2023-12-30)
  → 'github:NixOS/nixpkgs/70bdadeb94ffc8806c0570eb5c2695ad29f0e421' (2024-01-03)
 2024-01-07 03:01:50 +00:00
github-actions[bot]
cfdbaf68d0 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/d6863cbcbbb80e71cecfc03356db1cda38919523' (2023-12-21)
  → 'github:NixOS/nixpkgs/e1fa12d4f6c6fe19ccb59cac54b5b3f25e160870' (2023-12-25)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/7790e078f8979a9fcd543f9a47427eeaba38f268' (2023-12-23)
  → 'github:NixOS/nixpkgs/0aad9113182747452dbfc68b93c86e168811fa6c' (2023-12-30)
 2023-12-31 03:01:57 +00:00
github-actions[bot]
e523e89763 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/aa9d4729cbc99dabacb50e3994dcefb3ea0f7447' (2023-12-14)
  → 'github:NixOS/nixpkgs/d6863cbcbbb80e71cecfc03356db1cda38919523' (2023-12-21)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/a19a71d1ee93226fd71984359552affbc1cd3dc3' (2023-12-17)
  → 'github:NixOS/nixpkgs/7790e078f8979a9fcd543f9a47427eeaba38f268' (2023-12-23)
 2023-12-24 03:11:42 +00:00
dependabot[bot]
f7db64b88d update vendorHash 2023-12-18 22:12:47 +00:00
dependabot[bot]
87bacb8118 build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-18 22:12:47 +00:00
EmergentMind
21f2b8f123 Remove confusing and redundant left over text 
This line is left over from a set of instructions that were previously incorporated into an early console example under "you can generate yourself a key:" above.
 2023-12-17 11:22:42 +00:00
github-actions[bot]
097f821488 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e9ef8a102c555da4f8f417fe5cf5bd539d8a38b7' (2023-12-08)
  → 'github:NixOS/nixpkgs/aa9d4729cbc99dabacb50e3994dcefb3ea0f7447' (2023-12-14)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/b8f33c044e51de6dde3ad80a9676945e0e4e3227' (2023-12-09)
  → 'github:NixOS/nixpkgs/a19a71d1ee93226fd71984359552affbc1cd3dc3' (2023-12-17)
 2023-12-17 03:00:46 +00:00
github-actions[bot]
d806e546f9 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f5c27c6136db4d76c30e533c20517df6864c46ee' (2023-11-30)
  → 'github:NixOS/nixpkgs/e9ef8a102c555da4f8f417fe5cf5bd539d8a38b7' (2023-12-08)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/dc01248a9c946953ad4d438b0a626f5c987a93e4' (2023-12-03)
  → 'github:NixOS/nixpkgs/b8f33c044e51de6dde3ad80a9676945e0e4e3227' (2023-12-09)
 2023-12-10 02:59:53 +00:00
dependabot[bot]
e91ece6d2c build(deps): bump cachix/install-nix-action from 23 to 24 
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 23 to 24.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v23...v24)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-12-04 22:14:12 +00:00
github-actions[bot]
8bca48cb9a flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/0bd59c54ef06bc34eca01e37d689f5e46b3fe2f1' (2023-11-24)
  → 'github:NixOS/nixpkgs/f5c27c6136db4d76c30e533c20517df6864c46ee' (2023-11-30)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/dfb95385d21475da10b63da74ae96d89ab352431' (2023-11-25)
  → 'github:NixOS/nixpkgs/dc01248a9c946953ad4d438b0a626f5c987a93e4' (2023-12-03)
 2023-12-03 03:00:36 +00:00
Jörg Thalheim
e19071f995 README: link to infra repo instead of my dotfiles 2023-12-02 11:58:18 +00:00
Jörg Thalheim
4abfe90153 README: link to video tutorial 2023-12-02 12:53:07 +01:00
dependabot[bot]
b1edbf5c04 update vendorHash 2023-11-27 23:22:33 +00:00
dependabot[bot]
f9442c477d build(deps): bump golang.org/x/crypto from 0.15.0 to 0.16.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/crypto/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-27 23:22:33 +00:00
github-actions[bot]
4be58d8026 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/7414e9ee0b3e9903c24d3379f577a417f0aae5f1' (2023-11-16)
  → 'github:NixOS/nixpkgs/0bd59c54ef06bc34eca01e37d689f5e46b3fe2f1' (2023-11-24)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/decdf666c833a325cb4417041a90681499e06a41' (2023-11-18)
  → 'github:NixOS/nixpkgs/dfb95385d21475da10b63da74ae96d89ab352431' (2023-11-25)
 2023-11-26 03:00:39 +00:00
github-actions[bot]
49a87c6c82 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9b92dad3804b543a8b5db878aabf7132d601fa91' (2023-11-07)
  → 'github:NixOS/nixpkgs/7414e9ee0b3e9903c24d3379f577a417f0aae5f1' (2023-11-16)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/9502d0245983bb233da8083b55d60d96fd3c29ff' (2023-11-12)
  → 'github:NixOS/nixpkgs/decdf666c833a325cb4417041a90681499e06a41' (2023-11-18)
 2023-11-19 03:00:23 +00:00
Sandro Jäckel
0e3a94167d sops-install-secrets: don't trigger a rebuild when flake.lock changes 
When you have a follow in your flake inputs, sops-install-secrets is
rebuild everytime the flake.lock changes despite that being a noop. When
filtering src this can be avoided.
 2023-11-14 08:42:18 +00:00
dependabot[bot]
074ff78f8d update vendorHash 2023-11-13 22:37:51 +00:00
dependabot[bot]
1eca5a668a build(deps): bump golang.org/x/crypto from 0.14.0 to 0.15.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-13 22:37:51 +00:00
github-actions[bot]
2fc3c9edc3 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9d5d25bbfe8c0297ebe85324addcb5020ed1a454' (2023-11-04)
  → 'github:NixOS/nixpkgs/9b92dad3804b543a8b5db878aabf7132d601fa91' (2023-11-07)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/78f3a4ae19f0e99d5323dd2e3853916b8ee4afee' (2023-11-04)
  → 'github:NixOS/nixpkgs/9502d0245983bb233da8083b55d60d96fd3c29ff' (2023-11-12)
 2023-11-12 06:25:33 +00:00
dependabot[bot]
6641875398 update vendorHash 2023-11-06 23:04:18 +00:00
dependabot[bot]
f06b968c4c build(deps): bump golang.org/x/sys from 0.13.0 to 0.14.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/sys/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-06 23:04:18 +00:00
pizmovc
0a9d5e41f6 fixup! Rename passwordFile to hashedPasswordFile 2023-11-06 06:36:07 +00:00
pizmovc
4e3f66f703 Rename passwordFile to hashedPasswordFile 
This follows the rename that was done in nixpkgs.

Reference PR https://github.com/NixOS/nixpkgs/pull/254080
 2023-11-06 06:36:07 +00:00
github-actions[bot]
5bc2cde6e5 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/808c0d8c53c7ae50f82aca8e7df263225cf235bf' (2023-10-26)
  → 'github:NixOS/nixpkgs/9d5d25bbfe8c0297ebe85324addcb5020ed1a454' (2023-11-04)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/d87c5d8c41c9b3b39592563242f3a448b5cc4bc9' (2023-10-29)
  → 'github:NixOS/nixpkgs/78f3a4ae19f0e99d5323dd2e3853916b8ee4afee' (2023-11-04)
 2023-11-05 03:00:51 +00:00
Jörg Thalheim
275b28593e sops-install-secrets: check that both uid & gid are correct on mountpoints 2023-11-03 15:23:39 +01:00
Jörg Thalheim
c59da7ac29 reformat with gofumpt 2023-11-03 14:49:21 +01:00
Jörg Thalheim
cc2cfe5630 don't chown mountpoint if already correct 
This avoids issues where directory might be bind mounted.
 2023-11-03 14:49:21 +01:00
Sandro
84d6b27dc7 Suggest command to encrypt binary that respect .sopy.aml 
Based on https://github.com/getsops/sops/issues/594#issuecomment-569132718 and tested locally successful
 2023-11-02 13:49:36 +01:00
github-actions[bot]
632c3161a6 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/44881e03af1c730cbb1d72a4d41274a2c957813a' (2023-10-21)
  → 'github:NixOS/nixpkgs/808c0d8c53c7ae50f82aca8e7df263225cf235bf' (2023-10-26)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/fb000224952bf7749a9e8b3779104ef7ea4465c8' (2023-10-21)
  → 'github:NixOS/nixpkgs/d87c5d8c41c9b3b39592563242f3a448b5cc4bc9' (2023-10-29)
 2023-10-29 03:04:07 +00:00
dependabot[bot]
014e44d334 update vendorHash 2023-10-25 22:40:36 +00:00