mirrors/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-15 17:50:51 +00:00
Code Activity
221 commits 14 branches 1 tag 2.8 MiB
Commit graph

221 commits

This branch
This branch
All branches
Author SHA1 Message Date
Janne Heß
b21c0ce3a8
Group gnupg and age in the module 2021-09-24 12:09:52 +02:00
Janne Heß
f5a2ba217b
Add age support 2021-09-24 12:09:52 +02:00
Jörg Thalheim
9d47d2e3e4
Merge pull request #116 from helsinki-systems/fix/unstable-pipeline 
Fix pipeline on unstable
 2021-09-18 07:43:33 +01:00
Janne Heß
ebfa120b52
Fix pipeline on unstable 2021-09-17 21:08:34 +02:00
Jörg Thalheim
32d94573f7
Merge pull request #115 from Mic92/dependabot/github_actions/cachix/install-nix-action-14 
Bump cachix/install-nix-action from 13 to 14
 2021-09-14 07:05:48 +01:00
dependabot[bot]
8fa49a400a
Bump cachix/install-nix-action from 13 to 14 
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 13 to 14.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v13...v14)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-09-13 22:02:21 +00:00
Jörg Thalheim
3e4ebc851c
Merge pull request #111 from Mic92/openpgp 
switch to maintained openpgp library
 2021-08-29 17:37:03 +01:00
Jörg Thalheim
4919735a5e fork sops with new openpgp library 2021-08-29 16:20:30 +00:00
slekky
419e21b80f
Adding logo (#112) 2021-08-29 15:04:06 +01:00
Jörg Thalheim
3e2aefbc61 switch to maintained openpgp library 2021-08-29 15:24:07 +02:00
Jörg Thalheim
024c079aa1
Merge pull request #109 from helsinki-systems/feat/update-nixpkgs-version 
workflow: Update nixos channel to 21.05
 2021-08-28 11:12:23 +01:00
Janne Heß
1029f6e0c9
workflow: Update nixos channel to 21.05 2021-08-28 12:06:18 +02:00
Janne Heß
f61a391089
Merge pull request #110 from starcraft66/patch-1 
Add aarch64-darwin to supported systems
 2021-08-28 12:03:25 +02:00
Tristan
9b4eade565
Add aarch64-darwin to supported systems 2021-08-28 01:04:18 -04:00
Jörg Thalheim
0d4bdc1c21
Merge pull request #106 from Mic92/master-specialfs 
modules/sops: activation after specialfs
 2021-08-26 20:18:23 +01:00
Jörg Thalheim
f3deaae52f
Merge branch 'master' into master-specialfs 2021-08-26 19:53:56 +01:00
Jörg Thalheim
39d26fad6a
Merge pull request #105 from Mic92/build 
sops-nix: fix build
 2021-08-26 19:26:14 +01:00
Jörg Thalheim
ce5e734b26 sops-nix: fix build 2021-08-26 20:01:22 +02:00
0x4A6F
f89c1a5bf1
modules/sops: activation after specialfs 
* ensure mounted /run before running setup-secrets
 2021-08-22 23:28:48 +02:00
Jörg Thalheim
ec2800174d
Merge pull request #103 from Ma27/fix-manual 
modules/sops: fix manual
 2021-07-10 18:01:00 +01:00
Maximilian Bosch
df2d4bbbfc
modules/sops: fix manual 
* Since 0d957142b6 the manual doesn't
  build since `<name>` is interpreted by docbook as (unmatched) XML-tag.
  I decided to use `<xref linkend` as this provides proper linking to
  the referenced option.

* Also, if the module is included on a machine where `sops` isn't used,
  but `documentation.nixos.includeAllModules = true;` is set, the module
  wouldn't evaluate because `config.sopsFile` is referenced in a
  `default`-tag. This is generally an issue since every change to this
  option would trigger a rebuild of the manual anyways.

  See also 94fd200305 for that.
 2021-07-10 16:11:31 +02:00
Jörg Thalheim
87a27217b2
Merge pull request #102 from NickCao/master 
add readonly option sopsFileHash
 2021-07-07 16:58:06 +01:00
Nick Cao
0d957142b6
add readonly option sopsFileHash 2021-07-04 14:01:37 +08:00
Jörg Thalheim
c4f7025e5d
README: simplify installing sops-nix into shell.nix 2021-07-03 09:42:47 +02:00
Jörg Thalheim
d4c6f466cc
Merge pull request #100 from Mic92/dependabot/go_modules/go.mozilla.org/sops/v3-3.7.1 
Bump go.mozilla.org/sops/v3 from 3.5.0 to 3.7.1
 2021-07-03 08:21:49 +01:00
Jörg Thalheim
45900975cb
golangci-lint: increase timeout 2021-07-03 09:18:15 +02:00
Jörg Thalheim
4b156e10c8
flake: update nixpkgs 2021-07-03 09:18:00 +02:00
Jörg Thalheim
3261557508
update vendorSha256 2021-07-03 09:05:37 +02:00
dependabot[bot]
6f1ad4a008
Bump go.mozilla.org/sops/v3 from 3.5.0 to 3.7.1 
Bumps [go.mozilla.org/sops/v3](https://github.com/mozilla/sops) from 3.5.0 to 3.7.1.
- [Release notes](https://github.com/mozilla/sops/releases)
- [Changelog](https://github.com/mozilla/sops/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/mozilla/sops/compare/v3.5.0...v3.7.1)

---
updated-dependencies:
- dependency-name: go.mozilla.org/sops/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-07-03 07:00:00 +00:00
Jörg Thalheim
94535c632d
Merge pull request #99 from Mic92/sops-import-keys-hook 
Replace sops-gpg-hook with sops-import-keys-hook
 2021-07-03 07:55:22 +01:00
Jörg Thalheim
6d27428b35
dependabot: add go 2021-07-03 08:52:01 +02:00
Jörg Thalheim
34a650555e
fix nixos-test 
We no longer require membership in keys group.
 2021-07-03 08:20:27 +02:00
Jörg Thalheim
73e19bf11b
Replace sops-gpg-hook with sops-import-keys-hook 2021-07-03 08:08:38 +02:00
Jörg Thalheim
7918c59b39
Merge pull request #97 from Mic92/fix-permissions 
allow non-key group users to access /run/secrets
 2021-06-05 19:51:02 +02:00
Jörg Thalheim
835f825646
Merge branch 'master' into fix-permissions 2021-06-05 18:02:17 +02:00
Jörg Thalheim
351c716739
allow non-key group users to access /run/secrets 
This does not significantly decrease security while making it a lot more
convinient.  There are also services, where it is not possible to set
the keys group i.e. if a daemon unsets all groups.  Processes still
won't be able to list other secrets if they are not in the secret group.

fixes #86
 2021-06-05 17:59:22 +02:00
Jörg Thalheim
4f384662a8
Merge pull request #92 from Mic92/dependabot/github_actions/cachix/cachix-action-v10 
Bump cachix/cachix-action from v9 to v10
 2021-04-19 14:55:26 +01:00
dependabot[bot]
f82b674ca0
Bump cachix/cachix-action from v9 to v10 
Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action) from v9 to v10.
- [Release notes](https://github.com/cachix/cachix-action/releases)
- [Commits](https://github.com/cachix/cachix-action/compare/v9...73e75d1a0cd4330597a571e8f9dedb41faa2fc4e)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-19 06:04:13 +00:00
Jörg Thalheim
ade2f5c171
Merge pull request #90 from Mic92/dependabot/github_actions/cachix/cachix-action-v9 
Bump cachix/cachix-action from v8 to v9
 2021-04-12 12:23:28 +01:00
Jörg Thalheim
87bb906c30
Merge branch 'master' into dependabot/github_actions/cachix/cachix-action-v9 2021-04-05 08:43:43 +01:00
Jörg Thalheim
5e0ea90c78
Merge pull request #91 from Mic92/dependabot/github_actions/cachix/install-nix-action-v13 
Bump cachix/install-nix-action from v12 to v13
 2021-04-05 08:42:31 +01:00
dependabot[bot]
5b1266590c
Bump cachix/install-nix-action from v12 to v13 
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from v12 to v13.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v12...8d6d5e949675fbadb765c6b1a975047fa5f09b27)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-05 06:21:56 +00:00
dependabot[bot]
243c2362b9
Bump cachix/cachix-action from v8 to v9 
Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action) from v8 to v9.
- [Release notes](https://github.com/cachix/cachix-action/releases)
- [Commits](https://github.com/cachix/cachix-action/compare/v8...2689c27f57daedc905895d92ad18fe5ce470df9e)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-05 06:21:53 +00:00
Jörg Thalheim
441227c4fd
Merge pull request #89 from Ma27/manual-rebuild 
module: Don't set option-value as option-default
 2021-04-04 07:49:48 +01:00
Maximilian Bosch
94fd200305
module: Don't set option-value as option-default 
When using `documentation.nixos.includeAllModules = true;`, I'd
otherwise have to rebuild the manual on each change since I have my
`defaultSopsFile` in a git-repo with all my other configs.
 2021-03-28 22:58:13 +02:00
Jörg Thalheim
137d387e78
Merge pull request #87 from ncfavier/master 
Improve assertions
 2021-03-06 11:56:19 +00:00
Naïm Favier
360bfd77ae
improve assertions 2021-03-06 12:34:48 +01:00
Jörg Thalheim
cdcb3230be
Merge pull request #88 from ncfavier/patch-1 
flake.nix: provide a nixosModule attribute
 2021-03-06 09:40:57 +00:00
Naïm Favier
8dfabd91f8
flake.nix: provide a nixosModule attribute 2021-03-06 10:22:39 +01:00
Jörg Thalheim
5f82119d97
Merge pull request #78 from Mic92/ssh-to-pgp 
switch to ssh-to-pgp in nixpkgs
 2021-02-22 06:03:36 +00:00