1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-15 17:50:51 +00:00
Commit graph

103 commits

Author SHA1 Message Date
w4tsn
5611ba15f1 add nix config snippet to restart sops-nix service
As home-manager does not restart the `sops-nix` unit automatically
a snippet to instruct home-manager to do so is added.

Home-manager could be instructed to restart the user service from the
sops-nix home-manager module instead. Usually home-manager restarts
units which changed. Since the sops-nix unit does not change when
secrets change this does not trigger automatically.

There are two options:
- let sops-nix home-manager module compute a chained hash over all
  secrets and place it inside the unit file, so it changes every time
  the secrets change
- use X-SwitchMethod and X-Restart-Triggers
  See nix-community/home-manager#3865
2024-02-20 18:04:56 +00:00
Haru02w
4606d9b159 Add info about hash passwords 2024-01-24 22:06:12 +01:00
Jörg Thalheim
5bd3f71f07 Update README.md 2024-01-10 16:58:27 +00:00
EmergentMind
4cf467173b Update README.md
Add  home-manager usage example that is inline with current recommended sops-nix installation approach. The required import path is substantially different than that of the other example, which has been retained.
2024-01-10 16:58:27 +00:00
Enno Richter
6db9bd9ace fix typo in README.md 2024-01-10 16:53:11 +00:00
EmergentMind
21f2b8f123 Remove confusing and redundant left over text
This line is left over from a set of instructions that were previously incorporated into an early console example under "you can generate yourself a key:" above.
2023-12-17 11:22:42 +00:00
Jörg Thalheim
e19071f995 README: link to infra repo instead of my dotfiles 2023-12-02 11:58:18 +00:00
Jörg Thalheim
4abfe90153 README: link to video tutorial 2023-12-02 12:53:07 +01:00
pizmovc
4e3f66f703 Rename passwordFile to hashedPasswordFile
This follows the rename that was done in nixpkgs.

Reference PR https://github.com/NixOS/nixpkgs/pull/254080
2023-11-06 06:36:07 +00:00
Sandro
84d6b27dc7 Suggest command to encrypt binary that respect .sopy.aml
Based on https://github.com/getsops/sops/issues/594#issuecomment-569132718 and tested locally successful
2023-11-02 13:49:36 +01:00
Jörg Thalheim
9de50ec9e5 README: keys group is not required anymore for a long time 2023-10-03 08:47:53 +01:00
Andrey Kuznetsov
e73ba2078c docs: fix recommendation comment 2023-10-03 08:47:12 +01:00
20-56
2f375ed870 docs: fix broken link to sops readme 2023-09-21 10:22:30 +02:00
Jörg Thalheim
66df6576f6 templates: improve docs 2023-08-30 14:35:28 +01:00
Jörg Thalheim
429007f7f3 document templates 2023-08-22 19:23:57 +01:00
Andrew Morgan
e4e1a9f9d4 Update to note accidental use of shamir secret sharing 2023-07-11 19:22:35 +01:00
Andrew Morgan
b1aa4e7107 Add some helpful tips to the README
A couple notes that tripped me up when initially trying this. I hope they can help make future journeys smoother :)

- Getting the syntax of `.sops.yaml` wrong can cause vague errors when it comes to encrypting secrets files.
- `path_regex` needs to include all file extensions that you intend to encrypt. `sops` supports YAML, JSON, ENV, INI and binary files, so suggesting that those be picked up by default seems sensible. Personally, I had trouble figuring out why `sops` wouldn't accept my `.env` file - again with a confusing error message.
2023-07-11 00:07:28 +01:00
Jörg Thalheim
8d64b1593b replace nix-shell with nix run to get sops-init-gpg-key
fixes https://github.com/Mic92/sops-nix/issues/344
2023-06-16 09:22:32 +02:00
vdbewout
f32ee4fac1
fix(readme): keygroups in .sops.yaml examples 2023-03-10 09:45:35 +01:00
geri1701
bdccb322d5
corrects small typo 2023-03-07 18:21:15 +01:00
Emanuel Johnson Godin
f78f64eccf
phase out github literal in install instructions 2023-03-02 16:27:23 +01:00
Jörg Thalheim
cf3d4c2855 drop warning on tmpfs for XDG_RUNTIME_DIR
fixes https://github.com/Mic92/sops-nix/issues/276
2023-02-21 07:09:34 +01:00
Pogobanane
a45636d7a5 readme: improve 2023-02-02 12:07:00 +01:00
Jörg Thalheim
68d25e682b Update README.md
Co-authored-by: pogobanane <38314551+pogobanane@users.noreply.github.com>
2023-02-02 11:38:03 +01:00
Janne Heß
7f38c98162 More review fixups 2023-02-02 11:38:03 +01:00
Janne Heß
3afa9ca553 Fixup review comments 2023-02-02 11:38:03 +01:00
Janne Heß
acaf36a1bf Implement home-manager support
Closes #62
Closes #163
2023-02-02 11:38:03 +01:00
lucasew
eb09a61dc9 format type: add dotenv and ini
Signed-off-by: lucasew <lucas59356@gmail.com>
2023-01-17 10:55:52 -03:00
Jörg Kütemeier
08a2634b42
Add documentation for sops-init-gpg-key with a Curved25119 key to the README file 2023-01-05 23:08:24 +01:00
Jörg Thalheim
9cbf5804d8
Update README.md
Co-authored-by: Jonas Chevalier <zimbatm@zimbatm.com>
2022-12-04 09:10:11 +00:00
Jörg Thalheim
e4c761169e
Update README.md
Co-authored-by: Jonas Chevalier <zimbatm@zimbatm.com>
2022-12-04 09:09:31 +00:00
Jörg Thalheim
39bf96e000 README: commercial support 2022-11-24 11:38:47 +01:00
Ryan Gibb
e1c5cb7e35 As per RFC2606 use example.com in documentation 2022-11-06 13:22:10 +00:00
Janne Heß
a94c4a7d40
Remove the 21.11 version 2022-07-04 20:23:46 +02:00
Winter
1616f52031 README: remove mention of decrypting SSH private key 2022-06-23 14:24:15 -04:00
Jörg Thalheim
2a8d731e40
README: fix agenix description 2022-06-20 08:48:27 +02:00
Sarah Brofeldt
e77889971b
readme: fix typo in scalpel 2022-06-20 08:32:59 +02:00
Jörg Thalheim
67af9b179c
README: mention other projects in the field 2022-06-19 21:08:52 +02:00
Jörg Thalheim
d27137c0a1
README: add toString to sopsPGPKeyDirs
Better example to avoid: https://github.com/Mic92/sops-nix/issues/175
2022-05-13 22:46:19 +02:00
Matthieu Coudron
9d13b57162 doc: fix path towards the nobody user 2022-04-12 10:18:55 +02:00
Janne Heß
5e2f743edd
Re-add service restarts
We also have service reloads now, so add them as well
2022-03-14 17:30:56 +01:00
Jörg Thalheim
cda46de69a
README: add section about using sops-nix at evaluation time 2022-02-21 10:14:00 +01:00
Jörg Thalheim
fc22eff320
README: link to samuel's blog post 2022-02-11 18:04:25 +01:00
Janne Heß
23259ded2c Remove restart logic from README and test
The required code in nixpkgs was reverted so we should not advertise a
feature that does not work. We can revert this commit if the feature is
re-merged into 22.05 with the proper version in it.
2021-11-29 10:24:45 +01:00
virchau13
aae83a73f0
docs: fix more grammar 2021-11-21 23:57:56 +08:00
virchau13
e6866b54e6
docs: make README.md clearer
This makes several changes to the README to make reading it clearer.
- General grammar, capitalization, and punctuation fixes.
- Change the usage example into collapsible sections so the README is
  navigable.
- Merge steps 2a/2b and steps 3a/3b into steps 2 and 3, since they share
  a lot in common.
- Use age examples for .sops.yaml, instead of just GPG fingerprints.
- Make sure there is only one consistent example throughout the
  entirety of the usage example.
- Make the age/GPG/SSH trichotomy less confusing.
- Adds a source for the "GnuPG is not great software" claim.
2021-11-21 02:22:27 +08:00
Janne Heß
bac08f6919
Allow setting user passwords 2021-11-07 13:53:16 +01:00
Janne Heß
9683d128bd
Add support for restarting/reloading units 2021-11-07 12:37:57 +01:00
Jörg Thalheim
8318a036fe another test commit 2021-11-04 22:35:35 +01:00
Jörg Thalheim
b85ea605cd test commit 2021-11-04 22:20:59 +01:00