Jeremy Fleischman
fe63071416
Improve activation messages about rendered templates
...
This fixes https://github.com/Mic92/sops-nix/issues/652
2024-11-07 19:49:39 +00:00
liyangau
c5ae1e214f
fix missing lib in mkOption
2024-11-06 09:50:27 +01:00
thomaslepoix
f21c31dadf
Emit plain file when key is empty
...
Co-Authored-By: Slaier <slaier@users.noreply.github.com>
2024-11-06 05:57:58 +00:00
Jeremy Fleischman
aa5caa129b
rebase, complete implementation
2024-11-06 04:55:41 +00:00
Jörg Thalheim
bb7d636211
template refactoring
2024-11-06 04:55:41 +00:00
Sizhe Zhao
b2211d1a53
fix(home-manager/sops): fix setting unit env
...
The Environment option should be set in Service section.
2024-10-26 08:38:45 +00:00
Sizhe Zhao
78a0e634fc
fix(home-manager/sops): fix setting systemd unit environment
2024-10-24 13:07:55 +00:00
Mark Sisson
d089e742fb
feat(home-manager/sops): add environment variable configuration
...
Added support for configuring environment variables before calling
`sops-install-secrets`. Introduced a new `environment` option which
allows specifying environment variables. Modified systemd service
and launchd agent to use the specified environment variables.
2024-10-23 14:55:20 +00:00
Martijn de Munnik
a4c33bfecb
Allow to set uid and gid instead of owner and group. No checks will be performed when uid and gid are set.
...
```
sops.secrets = {
  sslCertificate = {
    sopsFile = ./secrets.yaml;
    owner = "";
    group = "";
    uid = config.containers."nginx".config.users.users."nginx".uid;
    gid = config.containers."nginx".config.users.groups."nginx".gid;
  };
  sslCertificateKey = {
    sopsFile = ./secrets.yaml;
    owner = "";
    group = "";
    uid = config.containers."nginx".config.users.users."nginx".uid;
    gid = config.containers."nginx".config.users.groups."nginx".gid;
  };
};
```
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2024-10-23 07:38:42 +00:00
Sandro Jäckel
26642e8f19
Add some missing literalExpression
2024-10-22 09:03:27 +00:00
Lin Yinfeng
127a96f49d
modules/sops/templates: support systemd activation
2024-09-27 07:43:29 +00:00
A. Manzer
5876a12ff6
Allow sops-nix to be restarted when systemd is degraded
...
If Systemd is running, but with even a single failed unit, it'll enter Degraded state. Restart sops-nix anyway.
2024-09-27 09:35:55 +02:00
r-vdp
d9d781523a
Support userborn
2024-09-05 12:42:46 +00:00
Jörg Thalheim
ab2d1ffeb5
{nixos,home-manager}: shell escape age key paths
2024-08-12 09:20:04 +00:00
Sebastian Sellmeier
4371a1301c
home-manager: minor oversight cleanup
2024-04-22 10:39:12 +02:00
Jörg Thalheim
e31339a204
home-manager: fix implicit dependency on coreutils
...
fixes https://github.com/Mic92/sops-nix/issues/542
2024-04-19 08:18:56 +00:00
Jörg Thalheim
58b9a13a37
home-manager: fix key store path check for strings
...
fixes https://github.com/Mic92/sops-nix/issues/535
2024-04-18 13:12:29 +02:00
Sebastian Sellmeier
a9795d1959
home-manager: Change defaultSymlinkPath to "<xdg-config-home>/sops-nix/secrets"
2024-04-18 08:22:30 +00:00
the-furry-hubofeverything
74f03c1a51
Refuse age keyfile paths that are in the nix store
2024-04-18 08:17:46 +00:00
Sebastian Sellmeier
dacc9519f5
home-manager: Include home.activation-script for linux similar to macos
2024-04-18 08:02:04 +00:00
Joachim Ernst
cc535d07cb
remove all uses of lib.mdDoc (#532)
2024-04-15 11:55:09 +02:00
Jörg Thalheim
fa8035c073
use gnupg binary also now for ssh rsa keys
...
With the last sops bump, our gpg keys are no longer detected by sops without it
2024-03-14 15:47:03 +01:00
Luflosi
7f015eeff1
modules/sops: fix typo
...
The assertion below states: "Exactly one of sops.gnupg.home and sops.gnupg.sshKeyPaths must be set".
2024-03-14 12:52:12 +01:00
Quentin Smith
f6b80ab6cd
Address review comments
2024-02-21 07:24:54 +00:00
Quentin Smith
fbec55367f
modules/sops/templates: Support custom files as secret templates
...
This exposes the `file` option, which can be used with `pkgs.formats` to write additional configuration formats.
2024-02-21 07:24:54 +00:00
DDoSolitary
f88661c9a9
Revert "don't substitute binaries"
...
This reverts commit 7711514b85.
With db82bcafd4, we no longer need to
ensure that the pair list only contains utf-8 text, as long as users
don't reference non-utf-8 data in template content.
Fixes Mic92/sops-nix#439.
2024-02-20 16:46:05 +00:00
DDoSolitary
f805f3061a
template rendering should only read referenced secrets
...
Adds an extra check to determine if the placeholder occurs in template
content before actually reading the corresponding secret file.
In terms of performance, this adds an extra string search, but removes
possibly unnecessary file reading if the secret is not used in the
template, though both of them should be negligible in most cases.
Fixes Mic92/sops-nix#496.
2024-02-20 16:46:05 +00:00
Sirio Balmelli
48afd3264e
home-manager/darwin: run sops-nix-user _once_ on login or activation
...
Correct a bug where 'KeepAlive' in the launchd service
'org.nix-community.home.sops-nix.plist'
re-runs 'sops-nix-user' every few seconds.
This should run:
- once at boot
- once at home-manager profile activation
Signed-off-by: Sirio Balmelli <sirio@b-ad.ch>
2024-02-13 17:36:42 +01:00
Jörg Thalheim
695275c349
make sops-install-secrets work with sysusers
2024-02-12 15:30:32 +01:00
Jörg Thalheim
00071af896
move secrets-for-users to its own module
...
This is preparation to support sysusers.
No behavior change.
2024-02-08 12:26:52 +00:00
Edward Tjörnhammar
7711514b85
don't substitute binaries
2023-10-14 22:09:48 +00:00
Jörg Thalheim
4d284ca58c
nixos: fix typo in assertion message when no key source is configured
2023-09-18 19:13:37 +02:00
Kilian Mio
d9c5dc41c4
fix: systemd unit file
...
Make sure passwords are ready for services part of graphical-session.target
2023-08-30 15:08:19 +01:00
Maximilian Bosch
f81e73cf9a
modules/sops: fix description of useTmpfs (#385)
...
It's supposed to be mdDoc rather than mkDoc.
2023-08-15 20:23:48 +01:00
Physics Enthusiast
32603de0dc
Configure the systemd user service to start with graphical session if use of a passphrase is detected (#346)
...
* Update sops.nix systemd user service target
* Use conditional to detect if gnupg.home is set before setting the WantedBy to graphical-session.target
2023-08-13 09:38:40 +01:00
Mic92
339a559402
Add configuration option to use tmpfs in place of ramfs (#355)
...
allow use of tmpfs via option configuration
* Tabs vs Spaces
* Update modules/sops/default.nix
* Update modules/sops/default.nix
2023-08-12 09:45:08 +01:00
zowoq
dca9e50fe3
modules/sops/templates: isCoercibleToString -> isConvertibleWithToString
...
834f0d660a
2023-08-12 09:27:30 +01:00
ajs124
3b26d8f58b
literalDocBook -> literalMD
2023-06-20 15:08:13 +02:00
Maximilian Bosch
f10110ddef
modules/sops/templates: declare defaultText for sops.templates.<name>.group
...
When using `documentation.nixos.includeAllModules = true;` this fails
for me with
error: attribute 'users' missing
at /nix/store/30jax2y4q3d1xyf8ha3cwilw3kdz4pn8-source/modules/sops/templates/default.nix:8:11:
7| secretsForUsers = lib.filterAttrs (_: v: v.neededForUsers) cfg.secrets;
8| users = config.users.users;
| ^
9| in {
(use '--show-trace' to show detailed location information)
Not depending on `config` when building the manual fixes the issue.
2023-04-25 21:45:42 +02:00
Janne Heß
679ad65214
templates: Add descriptions and use singleLineStr
2023-04-23 12:56:01 +02:00
bors[bot]
5698b06b07
Merge #316
...
316: HM: make `secretsMountPoint` and `symlinkPath` configurable r=Mic92 a=Shawn8901
Co-authored-by: MidAutumnMoon <me@418.im>
2023-04-18 12:41:35 +00:00
mlatus
4de4d820ba
fix scope in sops.templates; add relevant test
2023-04-18 12:47:12 +08:00
MidAutumnMoon
37400a275d
HM: make secretsMountPoint and symlinkPath configurable
2023-04-17 18:30:23 +02:00
Jörg Thalheim
800f2cd885
Update modules/sops/templates/default.nix
2023-03-21 18:19:08 +00:00
mlatus
d93c3bf08e
inline option type and submodule
2023-03-21 21:23:20 +08:00
Ninlives
8c4ecdc301
Apply suggestions from code review
...
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2023-03-21 21:20:42 +08:00
mlatus
efd85fbf51
code improvement; use more secure flow to create secret file
2023-03-15 13:56:51 +08:00
mlatus
c955d8fe91
typo
2023-03-14 00:09:48 +08:00
mlatus
c4c39450b1
add sops.templates
2023-03-13 23:56:19 +08:00
pogobanane
e4b99135e5
Home-manager: support init and dotenv
...
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2023-02-03 10:30:30 +01:00