1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-14 11:57:52 +00:00
Commit graph

874 commits

Author SHA1 Message Date
Joachim Ernst
cc535d07cb
remove all uses of lib.mdDoc (#532) 2024-04-15 11:55:09 +02:00
github-actions[bot]
226062b47f flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9e7f26f82acb057498335362905fde6fea4ca50a' (2024-04-06)
  → 'github:NixOS/nixpkgs/a0c9e3aee1000ac2bfb0e5b98c94c946a5d180a9' (2024-04-12)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/e38d7cb66ea4f7a0eb6681920615dfcc30fc2920' (2024-04-06)
  → 'github:NixOS/nixpkgs/c27f3b6d8e29346af16eecc0e9d54b1071eae27e' (2024-04-13)
2024-04-14 03:55:50 +00:00
dependabot[bot]
538c114cfd update vendorHash 2024-04-08 23:00:41 +00:00
dependabot[bot]
104aabf324 Bump golang.org/x/crypto from 0.21.0 to 0.22.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.22.0.
- [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-08 23:00:41 +00:00
github-actions[bot]
39191e8e62 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/807c549feabce7eddbf259dbdcec9e0600a0660d' (2024-03-29)
  → 'github:NixOS/nixpkgs/9e7f26f82acb057498335362905fde6fea4ca50a' (2024-04-06)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/2b4e3ca0091049c6fbb4908c66b05b77eaef9f0c' (2024-03-30)
  → 'github:NixOS/nixpkgs/e38d7cb66ea4f7a0eb6681920615dfcc30fc2920' (2024-04-06)
2024-04-07 03:01:48 +00:00
github-actions[bot]
99b1e37f9f flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/20bc93ca7b2158ebc99b8cef987a2173a81cde35' (2024-03-23)
  → 'github:NixOS/nixpkgs/807c549feabce7eddbf259dbdcec9e0600a0660d' (2024-03-29)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/ac6bdf6181666ebb4f90dd20f31e2fa66ede6b68' (2024-03-23)
  → 'github:NixOS/nixpkgs/2b4e3ca0091049c6fbb4908c66b05b77eaef9f0c' (2024-03-30)
2024-03-31 03:17:28 +00:00
github-actions[bot]
405987a66c flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9af9c1c87ed3e3ed271934cb896e0cdd33dae212' (2024-03-15)
  → 'github:NixOS/nixpkgs/20bc93ca7b2158ebc99b8cef987a2173a81cde35' (2024-03-23)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/6dc11d9859d6a18ab0c5e5829a5b8e4810658de3' (2024-03-16)
  → 'github:NixOS/nixpkgs/ac6bdf6181666ebb4f90dd20f31e2fa66ede6b68' (2024-03-23)
2024-03-24 03:01:59 +00:00
github-actions[bot]
83b68a0e8c flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/0e7f98a5f30166cbed344569426850b21e4091d4' (2024-03-09)
  → 'github:NixOS/nixpkgs/9af9c1c87ed3e3ed271934cb896e0cdd33dae212' (2024-03-15)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/b17375d3bb7c79ffc52f3538028b2ec06eb79ef8' (2024-03-10)
  → 'github:NixOS/nixpkgs/6dc11d9859d6a18ab0c5e5829a5b8e4810658de3' (2024-03-16)
2024-03-17 03:03:14 +00:00
dependabot[bot]
6c32d3b9c7 update vendorHash 2024-03-14 17:24:24 +01:00
dependabot[bot]
0e2a9aeb92 build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.33.0
Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-14 17:24:24 +01:00
dependabot[bot]
cf5f5d8e27 update vendorHash 2024-03-14 15:08:37 +00:00
dependabot[bot]
d076d5ea84 build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.2...v3.0.3)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-14 15:08:37 +00:00
Jörg Thalheim
ebbca93858 Update README.md 2024-03-14 15:47:27 +01:00
GameDungeon
cc721b2bc1 Update README.md for impermanence users 2024-03-14 15:47:27 +01:00
Jörg Thalheim
fa8035c073 use gnupg binary also now for ssh rsa keys
With the last sops bump, our gpg keys are no longer detected by sops without it
2024-03-14 15:47:03 +01:00
Jörg Thalheim
85d13d5aa4 sops-install-secrets: also write out pubring to make gnupg happy 2024-03-14 15:47:03 +01:00
Jörg Thalheim
a2d9145e98 fix build with new ssh-to-age library 2024-03-14 15:47:03 +01:00
Janik H.
833bd28f8f .gitignore: add nix build result 2024-03-14 15:47:03 +01:00
Janik H.
eb7e7f0842 sops-install-secrets: change sops url
downgrade go-crypto again
2024-03-14 15:47:03 +01:00
dependabot[bot]
804157eb75 update vendorHash 2024-03-14 12:52:31 +01:00
dependabot[bot]
1385b12fb3 build(deps): bump golang.org/x/crypto from 0.20.0 to 0.21.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/golang/crypto/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-14 12:52:31 +01:00
Luflosi
7f015eeff1 modules/sops: fix typo
The assertion below states: "Exactly one of sops.gnupg.home and sops.gnupg.sshKeyPaths must be set".
2024-03-14 12:52:12 +01:00
dependabot[bot]
e52d8117b3 build(deps): bump cachix/install-nix-action from 25 to 26
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 25 to 26.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v25...v26)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-11 22:13:14 +00:00
github-actions[bot]
f8d5c8baa8 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/458b097d81f90275b3fdf03796f0563844926708' (2024-03-02)
  → 'github:NixOS/nixpkgs/0e7f98a5f30166cbed344569426850b21e4091d4' (2024-03-09)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/66d65cb00b82ffa04ee03347595aa20e41fe3555' (2024-03-03)
  → 'github:NixOS/nixpkgs/b17375d3bb7c79ffc52f3538028b2ec06eb79ef8' (2024-03-10)
2024-03-10 03:03:26 +00:00
dependabot[bot]
25dd60fdd0 update vendorHash 2024-03-06 07:44:51 +00:00
dependabot[bot]
e3b396f42f build(deps): bump golang.org/x/sys from 0.17.0 to 0.18.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-06 07:44:51 +00:00
dependabot[bot]
291aad29b5 build(deps): bump DeterminateSystems/update-flake-lock from 20 to 21
Bumps [DeterminateSystems/update-flake-lock](https://github.com/determinatesystems/update-flake-lock) from 20 to 21.
- [Release notes](https://github.com/determinatesystems/update-flake-lock/releases)
- [Commits](https://github.com/determinatesystems/update-flake-lock/compare/v20...v21)

---
updated-dependencies:
- dependency-name: DeterminateSystems/update-flake-lock
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-04 22:39:56 +00:00
github-actions[bot]
075df9d85e flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f63ce824cd2f036216eb5f637dfef31e1a03ee89' (2024-02-24)
  → 'github:NixOS/nixpkgs/458b097d81f90275b3fdf03796f0563844926708' (2024-03-02)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/89a2a12e6c8c6a56c72eb3589982c8e2f89c70ea' (2024-02-25)
  → 'github:NixOS/nixpkgs/66d65cb00b82ffa04ee03347595aa20e41fe3555' (2024-03-03)
2024-03-03 03:01:51 +00:00
dependabot[bot]
a1c8de14f6 update vendorHash 2024-02-26 22:51:07 +00:00
dependabot[bot]
e386e52abe build(deps): bump golang.org/x/crypto from 0.19.0 to 0.20.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.19.0 to 0.20.0.
- [Commits](https://github.com/golang/crypto/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-26 22:51:07 +00:00
github-actions[bot]
2874fbbe4a flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/6e2f00c83911461438301db0dba5281197fe4b3a' (2024-02-17)
  → 'github:NixOS/nixpkgs/f63ce824cd2f036216eb5f637dfef31e1a03ee89' (2024-02-24)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/69405156cffbdf2be50153f13cbdf9a0bea38e49' (2024-02-17)
  → 'github:NixOS/nixpkgs/89a2a12e6c8c6a56c72eb3589982c8e2f89c70ea' (2024-02-25)
2024-02-25 03:01:16 +00:00
Quentin Smith
f6b80ab6cd Address review comments 2024-02-21 07:24:54 +00:00
Quentin Smith
fbec55367f modules/sops/templates: Support custom files as secret templates
This exposes the `file` option, which can be used with `pkgs.formats` to write additional configuration formats.
2024-02-21 07:24:54 +00:00
dependabot[bot]
acfcce2a36 update vendorHash 2024-02-20 19:09:21 +00:00
dependabot[bot]
a13fc353ca build(deps): bump golang.org/x/crypto from 0.18.0 to 0.19.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.18.0 to 0.19.0.
- [Commits](https://github.com/golang/crypto/compare/v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-20 19:09:21 +00:00
dependabot[bot]
a5932c85e1 update vendorHash 2024-02-20 18:18:50 +00:00
dependabot[bot]
203f3fd655 build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/sys/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-20 18:18:50 +00:00
w4tsn
5611ba15f1 add nix config snippet to restart sops-nix service
As home-manager does not restart the `sops-nix` unit automatically
a snippet to instruct home-manager to do so is added.

Home-manager could be instructed to restart the user service from the
sops-nix home-manager module instead. Usually home-manager restarts
units which changed. Since the sops-nix unit does not change when
secrets change this does not trigger automatically.

There are two options:
- let sops-nix home-manager module compute a chained hash over all
  secrets and place it inside the unit file, so it changes every time
  the secrets change
- use X-SwitchMethod and X-Restart-Triggers
  See nix-community/home-manager#3865
2024-02-20 18:04:56 +00:00
DDoSolitary
f88661c9a9 Revert "don't substitute binaries"
This reverts commit 7711514b85.

With db82bcafd4, we no longer need to
ensure that the pair list only contains utf-8 text, as long as users
don't reference non-utf-8 data in template content.
Fixes Mic92/sops-nix#439.
2024-02-20 16:46:05 +00:00
DDoSolitary
f805f3061a template rendering should only read referenced secrets
Adds an extra check to determine if the placeholder ocurrs in template
content before actually reading the corresponding secret file.
In terms of performance, this adds an extra string search, but removes
possibly unneceassary file reading if the secret is not used in the
template, though both of them should be negligible in most cases.
Fixes Mic92/sops-nix#496.
2024-02-20 16:46:05 +00:00
github-actions[bot]
ffed177a9d flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/442d407992384ed9c0e6d352de75b69079904e4e' (2024-02-09)
  → 'github:NixOS/nixpkgs/6e2f00c83911461438301db0dba5281197fe4b3a' (2024-02-17)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/d8cd80616c8800feec0cab64331d7c3d5a1a6d98' (2024-02-10)
  → 'github:NixOS/nixpkgs/69405156cffbdf2be50153f13cbdf9a0bea38e49' (2024-02-17)
2024-02-18 03:02:23 +00:00
Sirio Balmelli
48afd3264e home-manager/darwin: run sops-nix-user _once_ on login or activation
Correct a bug where 'KeepAlive' in the launchd service
'org.nix-community.home.sops-nix.plist'
re-runs 'sops-nix-user' every few seconds.

This should run:

- once at boot
- once at home-manager profile activation

Signed-off-by: Sirio Balmelli <sirio@b-ad.ch>
2024-02-13 17:36:42 +01:00
Jörg Thalheim
695275c349 make sops-install-secrets work with sysusers 2024-02-12 15:30:32 +01:00
github-actions[bot]
2eb7c4ba3a flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f8e2ebd66d097614d51a56a755450d4ae1632df1' (2024-02-07)
  → 'github:NixOS/nixpkgs/442d407992384ed9c0e6d352de75b69079904e4e' (2024-02-09)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/bc6cb3d59b7aab88e967264254f8c1aa4c0284e9' (2024-02-08)
  → 'github:NixOS/nixpkgs/d8cd80616c8800feec0cab64331d7c3d5a1a6d98' (2024-02-10)
2024-02-11 03:03:34 +00:00
Jörg Thalheim
2168851d58 nixos-tests: drop < 23.11 compat code 2024-02-08 13:05:11 +00:00
Jörg Thalheim
98aa76b72e bump nixos-stable release
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/79a13f1437e149dc7be2d1290c74d378dad60814' (2024-02-03)
  → 'github:NixOS/nixpkgs/f8e2ebd66d097614d51a56a755450d4ae1632df1' (2024-02-07)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/9a333eaa80901efe01df07eade2c16d183761fa3' (2024-01-22)
  → 'github:NixOS/nixpkgs/bc6cb3d59b7aab88e967264254f8c1aa4c0284e9' (2024-02-08)
2024-02-08 12:26:52 +00:00
Jörg Thalheim
00071af896 move secrets-fo-users to it's own module
This preparation to support sysusers.
No behavior change.
2024-02-08 12:26:52 +00:00
github-actions[bot]
23f61b897c flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/4fddc9be4eaf195d631333908f2a454b03628ee5' (2024-01-25)
  → 'github:NixOS/nixpkgs/79a13f1437e149dc7be2d1290c74d378dad60814' (2024-02-03)
2024-02-04 02:59:07 +00:00
github-actions[bot]
73bf36912e flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e5d1c87f5813afde2dda384ac807c57a105721cc' (2024-01-19)
  → 'github:NixOS/nixpkgs/4fddc9be4eaf195d631333908f2a454b03628ee5' (2024-01-25)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/a1982c92d8980a0114372973cbdfe0a307f1bdea' (2024-01-12)
  → 'github:NixOS/nixpkgs/9a333eaa80901efe01df07eade2c16d183761fa3' (2024-01-22)
2024-01-28 03:00:21 +00:00
Haru02w
4606d9b159 Add info about hash passwords 2024-01-24 22:06:12 +01:00