mirrors/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-14 11:57:52 +00:00
Code Activity
782 commits 14 branches 1 tag 2.8 MiB
Commit graph

782 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jörg Thalheim
6b259336bd
Lint fixes (#539) 
* fix various additional linter errors

* extend golangci checks
 2024-04-18 16:19:26 +02:00
github-actions[bot]
ac538092be flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/a0c9e3aee1000ac2bfb0e5b98c94c946a5d180a9' (2024-04-12)
  → 'github:NixOS/nixpkgs/2b6ee326ad047870526d9a3ae88dfd0197da898d' (2024-04-16)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/c27f3b6d8e29346af16eecc0e9d54b1071eae27e' (2024-04-13)
  → 'github:NixOS/nixpkgs/8494ae076b7878d61a7d2d25e89a847fe8f8364c' (2024-04-18)
 2024-04-18 11:22:27 +00:00
Jörg Thalheim
58b9a13a37 home-manager: fix key store path check for strings 
fixes https://github.com/Mic92/sops-nix/issues/535
 2024-04-18 13:12:29 +02:00
Sebastian Sellmeier
a9795d1959 home-manager: Change defaultSymlinkPath to "<xdg-config-home>/sops-nix/secrets" 2024-04-18 08:22:30 +00:00
the-furry-hubofeverything
74f03c1a51 Refuse age keyfile paths that are in the nix store 2024-04-18 08:17:46 +00:00
dependabot[bot]
7f49111254 update vendorHash 2024-04-18 08:11:19 +00:00
dependabot[bot]
3a30a38816 Bump github.com/ProtonMail/go-crypto 
Bumps [github.com/ProtonMail/go-crypto](https://github.com/ProtonMail/go-crypto) from 0.0.0-20230923063757-afb1ddc0824c to 1.1.0-alpha.2.
- [Release notes](https://github.com/ProtonMail/go-crypto/releases)
- [Commits](https://github.com/ProtonMail/go-crypto/commits/v1.1.0-alpha.2)

---
updated-dependencies:
- dependency-name: github.com/ProtonMail/go-crypto
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-18 08:11:19 +00:00
Sebastian Sellmeier
dacc9519f5 home-manager: Include home.activation-script for linux similar to macos 2024-04-18 08:02:04 +00:00
Joachim Ernst
cc535d07cb
remove all uses of lib.mdDoc (#532) 2024-04-15 11:55:09 +02:00
github-actions[bot]
226062b47f flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9e7f26f82acb057498335362905fde6fea4ca50a' (2024-04-06)
  → 'github:NixOS/nixpkgs/a0c9e3aee1000ac2bfb0e5b98c94c946a5d180a9' (2024-04-12)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/e38d7cb66ea4f7a0eb6681920615dfcc30fc2920' (2024-04-06)
  → 'github:NixOS/nixpkgs/c27f3b6d8e29346af16eecc0e9d54b1071eae27e' (2024-04-13)
 2024-04-14 03:55:50 +00:00
dependabot[bot]
538c114cfd update vendorHash 2024-04-08 23:00:41 +00:00
dependabot[bot]
104aabf324 Bump golang.org/x/crypto from 0.21.0 to 0.22.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.22.0.
- [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-08 23:00:41 +00:00
github-actions[bot]
39191e8e62 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/807c549feabce7eddbf259dbdcec9e0600a0660d' (2024-03-29)
  → 'github:NixOS/nixpkgs/9e7f26f82acb057498335362905fde6fea4ca50a' (2024-04-06)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/2b4e3ca0091049c6fbb4908c66b05b77eaef9f0c' (2024-03-30)
  → 'github:NixOS/nixpkgs/e38d7cb66ea4f7a0eb6681920615dfcc30fc2920' (2024-04-06)
 2024-04-07 03:01:48 +00:00
github-actions[bot]
99b1e37f9f flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/20bc93ca7b2158ebc99b8cef987a2173a81cde35' (2024-03-23)
  → 'github:NixOS/nixpkgs/807c549feabce7eddbf259dbdcec9e0600a0660d' (2024-03-29)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/ac6bdf6181666ebb4f90dd20f31e2fa66ede6b68' (2024-03-23)
  → 'github:NixOS/nixpkgs/2b4e3ca0091049c6fbb4908c66b05b77eaef9f0c' (2024-03-30)
 2024-03-31 03:17:28 +00:00
github-actions[bot]
405987a66c flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9af9c1c87ed3e3ed271934cb896e0cdd33dae212' (2024-03-15)
  → 'github:NixOS/nixpkgs/20bc93ca7b2158ebc99b8cef987a2173a81cde35' (2024-03-23)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/6dc11d9859d6a18ab0c5e5829a5b8e4810658de3' (2024-03-16)
  → 'github:NixOS/nixpkgs/ac6bdf6181666ebb4f90dd20f31e2fa66ede6b68' (2024-03-23)
 2024-03-24 03:01:59 +00:00
github-actions[bot]
83b68a0e8c flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/0e7f98a5f30166cbed344569426850b21e4091d4' (2024-03-09)
  → 'github:NixOS/nixpkgs/9af9c1c87ed3e3ed271934cb896e0cdd33dae212' (2024-03-15)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/b17375d3bb7c79ffc52f3538028b2ec06eb79ef8' (2024-03-10)
  → 'github:NixOS/nixpkgs/6dc11d9859d6a18ab0c5e5829a5b8e4810658de3' (2024-03-16)
 2024-03-17 03:03:14 +00:00
dependabot[bot]
6c32d3b9c7 update vendorHash 2024-03-14 17:24:24 +01:00
dependabot[bot]
0e2a9aeb92 build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.33.0 
Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-14 17:24:24 +01:00
dependabot[bot]
cf5f5d8e27 update vendorHash 2024-03-14 15:08:37 +00:00
dependabot[bot]
d076d5ea84 build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3 
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.2...v3.0.3)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-14 15:08:37 +00:00
Jörg Thalheim
ebbca93858 Update README.md 2024-03-14 15:47:27 +01:00
GameDungeon
cc721b2bc1 Update README.md for impermanence users 2024-03-14 15:47:27 +01:00
Jörg Thalheim
fa8035c073 use gnupg binary also now for ssh rsa keys 
With the last sops bump, our gpg keys are no longer detected by sops without it
 2024-03-14 15:47:03 +01:00
Jörg Thalheim
85d13d5aa4 sops-install-secrets: also write out pubring to make gnupg happy 2024-03-14 15:47:03 +01:00
Jörg Thalheim
a2d9145e98 fix build with new ssh-to-age library 2024-03-14 15:47:03 +01:00
Janik H.
833bd28f8f .gitignore: add nix build result 2024-03-14 15:47:03 +01:00
Janik H.
eb7e7f0842 sops-install-secrets: change sops url 
downgrade go-crypto again
 2024-03-14 15:47:03 +01:00
dependabot[bot]
804157eb75 update vendorHash 2024-03-14 12:52:31 +01:00
dependabot[bot]
1385b12fb3 build(deps): bump golang.org/x/crypto from 0.20.0 to 0.21.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/golang/crypto/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-14 12:52:31 +01:00
Luflosi
7f015eeff1 modules/sops: fix typo 
The assertion below states: "Exactly one of sops.gnupg.home and sops.gnupg.sshKeyPaths must be set".
 2024-03-14 12:52:12 +01:00
dependabot[bot]
e52d8117b3 build(deps): bump cachix/install-nix-action from 25 to 26 
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 25 to 26.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v25...v26)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-11 22:13:14 +00:00
github-actions[bot]
f8d5c8baa8 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/458b097d81f90275b3fdf03796f0563844926708' (2024-03-02)
  → 'github:NixOS/nixpkgs/0e7f98a5f30166cbed344569426850b21e4091d4' (2024-03-09)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/66d65cb00b82ffa04ee03347595aa20e41fe3555' (2024-03-03)
  → 'github:NixOS/nixpkgs/b17375d3bb7c79ffc52f3538028b2ec06eb79ef8' (2024-03-10)
 2024-03-10 03:03:26 +00:00
dependabot[bot]
25dd60fdd0 update vendorHash 2024-03-06 07:44:51 +00:00
dependabot[bot]
e3b396f42f build(deps): bump golang.org/x/sys from 0.17.0 to 0.18.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-06 07:44:51 +00:00
dependabot[bot]
291aad29b5 build(deps): bump DeterminateSystems/update-flake-lock from 20 to 21 
Bumps [DeterminateSystems/update-flake-lock](https://github.com/determinatesystems/update-flake-lock) from 20 to 21.
- [Release notes](https://github.com/determinatesystems/update-flake-lock/releases)
- [Commits](https://github.com/determinatesystems/update-flake-lock/compare/v20...v21)

---
updated-dependencies:
- dependency-name: DeterminateSystems/update-flake-lock
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-04 22:39:56 +00:00
github-actions[bot]
075df9d85e flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f63ce824cd2f036216eb5f637dfef31e1a03ee89' (2024-02-24)
  → 'github:NixOS/nixpkgs/458b097d81f90275b3fdf03796f0563844926708' (2024-03-02)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/89a2a12e6c8c6a56c72eb3589982c8e2f89c70ea' (2024-02-25)
  → 'github:NixOS/nixpkgs/66d65cb00b82ffa04ee03347595aa20e41fe3555' (2024-03-03)
 2024-03-03 03:01:51 +00:00
dependabot[bot]
a1c8de14f6 update vendorHash 2024-02-26 22:51:07 +00:00
dependabot[bot]
e386e52abe build(deps): bump golang.org/x/crypto from 0.19.0 to 0.20.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.19.0 to 0.20.0.
- [Commits](https://github.com/golang/crypto/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-26 22:51:07 +00:00
github-actions[bot]
2874fbbe4a flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/6e2f00c83911461438301db0dba5281197fe4b3a' (2024-02-17)
  → 'github:NixOS/nixpkgs/f63ce824cd2f036216eb5f637dfef31e1a03ee89' (2024-02-24)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/69405156cffbdf2be50153f13cbdf9a0bea38e49' (2024-02-17)
  → 'github:NixOS/nixpkgs/89a2a12e6c8c6a56c72eb3589982c8e2f89c70ea' (2024-02-25)
 2024-02-25 03:01:16 +00:00
Quentin Smith
f6b80ab6cd Address review comments 2024-02-21 07:24:54 +00:00
Quentin Smith
fbec55367f modules/sops/templates: Support custom files as secret templates 
This exposes the `file` option, which can be used with `pkgs.formats` to write additional configuration formats.
 2024-02-21 07:24:54 +00:00
dependabot[bot]
acfcce2a36 update vendorHash 2024-02-20 19:09:21 +00:00
dependabot[bot]
a13fc353ca build(deps): bump golang.org/x/crypto from 0.18.0 to 0.19.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.18.0 to 0.19.0.
- [Commits](https://github.com/golang/crypto/compare/v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-20 19:09:21 +00:00
dependabot[bot]
a5932c85e1 update vendorHash 2024-02-20 18:18:50 +00:00
dependabot[bot]
203f3fd655 build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/sys/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-20 18:18:50 +00:00
w4tsn
5611ba15f1 add nix config snippet to restart sops-nix service 
As home-manager does not restart the `sops-nix` unit automatically
a snippet to instruct home-manager to do so is added.

Home-manager could be instructed to restart the user service from the
sops-nix home-manager module instead. Usually home-manager restarts
units which changed. Since the sops-nix unit does not change when
secrets change this does not trigger automatically.

There are two options:
- let sops-nix home-manager module compute a chained hash over all
  secrets and place it inside the unit file, so it changes every time
  the secrets change
- use X-SwitchMethod and X-Restart-Triggers
  See nix-community/home-manager#3865
 2024-02-20 18:04:56 +00:00
DDoSolitary
f88661c9a9 Revert "don't substitute binaries" 
This reverts commit 7711514b85.

With db82bcafd4, we no longer need to
ensure that the pair list only contains utf-8 text, as long as users
don't reference non-utf-8 data in template content.
Fixes Mic92/sops-nix#439.
 2024-02-20 16:46:05 +00:00
DDoSolitary
f805f3061a template rendering should only read referenced secrets 
Adds an extra check to determine if the placeholder ocurrs in template
content before actually reading the corresponding secret file.
In terms of performance, this adds an extra string search, but removes
possibly unneceassary file reading if the secret is not used in the
template, though both of them should be negligible in most cases.
Fixes Mic92/sops-nix#496.
 2024-02-20 16:46:05 +00:00
github-actions[bot]
ffed177a9d flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/442d407992384ed9c0e6d352de75b69079904e4e' (2024-02-09)
  → 'github:NixOS/nixpkgs/6e2f00c83911461438301db0dba5281197fe4b3a' (2024-02-17)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/d8cd80616c8800feec0cab64331d7c3d5a1a6d98' (2024-02-10)
  → 'github:NixOS/nixpkgs/69405156cffbdf2be50153f13cbdf9a0bea38e49' (2024-02-17)
 2024-02-18 03:02:23 +00:00
Sirio Balmelli
48afd3264e home-manager/darwin: run sops-nix-user _once_ on login or activation 
Correct a bug where 'KeepAlive' in the launchd service
'org.nix-community.home.sops-nix.plist'
re-runs 'sops-nix-user' every few seconds.

This should run:

- once at boot
- once at home-manager profile activation

Signed-off-by: Sirio Balmelli <sirio@b-ad.ch>
 2024-02-13 17:36:42 +01:00