mirrors/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-14 11:57:52 +00:00
Code Activity
861 commits 14 branches 1 tag 2.8 MiB
Commit graph

144 commits

Author SHA1 Message Date
Martijn de Munnik
a4c33bfecb Allow to set uid and gid instead of owner and group. No checks will be performed when uid and gid are set. 
```
sops.secrets = {
  sslCertificate = {
    sopsFile = ./secrets.yaml;
    owner = "";
    group = "";
    uid = config.containers."nginx".config.users.users."nginx".uid;
    gid = config.containers."nginx".config.users.groups."nginx".gid;
  };
  sslCertificateKey = {
    sopsFile = ./secrets.yaml;
    owner = "";
    group = "";
    uid = config.containers."nginx".config.users.users."nginx".uid;
    gid = config.containers."nginx".config.users.groups."nginx".gid;
  };
};
```

Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
 2024-10-23 07:38:42 +00:00
Jörg Thalheim
2750ed784e nixos-tests: enable system switch again 2024-10-06 16:02:18 +00:00
r-vdp
d9d781523a Support userborn 2024-09-05 12:42:46 +00:00
Ramses
5db5921e40
Reuse the existing nixpkgs instance for the tests instead of re-importing it (#611) 
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
 2024-09-01 14:30:42 +00:00
Janne Heß
b549832718 darwin: Mount hfs+ case-sensitive 
sops-nix assumes this is the case since it's the default on linux
 2024-05-22 17:51:40 +00:00
Kaede Akino
0cd7cac744 sops-install-secrets: add mount options for darwin 2024-05-22 17:51:40 +00:00
Jörg Thalheim
b94c6edbb8 fix symlink directory not existing 2024-04-18 18:17:04 +02:00
Jörg Thalheim
6b259336bd
Lint fixes (#539) 
* fix various additional linter errors

* extend golangci checks
 2024-04-18 16:19:26 +02:00
the-furry-hubofeverything
74f03c1a51 Refuse age keyfile paths that are in the nix store 2024-04-18 08:17:46 +00:00
Jörg Thalheim
85d13d5aa4 sops-install-secrets: also write out pubring to make gnupg happy 2024-03-14 15:47:03 +01:00
Jörg Thalheim
a2d9145e98 fix build with new ssh-to-age library 2024-03-14 15:47:03 +01:00
Janik H.
eb7e7f0842 sops-install-secrets: change sops url 
downgrade go-crypto again
 2024-03-14 15:47:03 +01:00
Jörg Thalheim
695275c349 make sops-install-secrets work with sysusers 2024-02-12 15:30:32 +01:00
Jörg Thalheim
2168851d58 nixos-tests: drop < 23.11 compat code 2024-02-08 13:05:11 +00:00
Jörg Thalheim
c0b3a5af90 fix wrong error message in ssh key import 2024-01-10 18:37:54 +01:00
Jörg Thalheim
020dcff707 allow ssh key import to fail 
We import ssh keys by default if openssh is enabled.
However if users are using age keys while using sops to deploy ssh keys we have
a catch-22.
While users could use lib.mkForce to empty the list, this is not intuitive
 2024-01-10 17:59:57 +01:00
Sandro Jäckel
0e3a94167d sops-install-secrets: don't trigger a rebuild when flake.lock changes 
When you have a follow in your flake inputs, sops-install-secrets is
rebuild everytime the flake.lock changes despite that being a noop. When
filtering src this can be avoided.
 2023-11-14 08:42:18 +00:00
pizmovc
0a9d5e41f6 fixup! Rename passwordFile to hashedPasswordFile 2023-11-06 06:36:07 +00:00
pizmovc
4e3f66f703 Rename passwordFile to hashedPasswordFile 
This follows the rename that was done in nixpkgs.

Reference PR https://github.com/NixOS/nixpkgs/pull/254080
 2023-11-06 06:36:07 +00:00
Jörg Thalheim
275b28593e sops-install-secrets: check that both uid & gid are correct on mountpoints 2023-11-03 15:23:39 +01:00
Jörg Thalheim
c59da7ac29 reformat with gofumpt 2023-11-03 14:49:21 +01:00
Jörg Thalheim
cc2cfe5630 don't chown mountpoint if already correct 
This avoids issues where directory might be bind mounted.
 2023-11-03 14:49:21 +01:00
Shyim
1b7b3a32d6 Update pkgs/sops-install-secrets/darwin.go 
Co-authored-by: Leo Pang <34628052+allthatjazzleo@users.noreply.github.com>
 2023-08-22 19:24:38 +01:00
Shyim
fce0c8ce93 fix: add missing argument for MountSecretFs on darwin 2023-08-22 19:24:38 +01:00
Mic92
339a559402 Add configuration option to use tmpfs in place of ramfs (#355) 
allow use of tmpfs via option configuration

* Tabs vs Spaces

* Update modules/sops/default.nix

* Update modules/sops/default.nix
 2023-08-12 09:45:08 +01:00
Jörg Thalheim
62a7c95c8c vendorHash: make it overridable 2023-07-15 06:49:20 +00:00
Roman Gonzalez
2ff6973350 fix(darwin): RuntimeDir trailing slash 
In later versions of macOS (e.g. Ventura), the command used to get a
runtime directory (e.g. `getconf DARWIN_USER_TEMP_DIR`) returns a
trailing slash.

When using a configuration like:

```
sops.defaultSecretsMountPoint = "%r/secrets.d";
```

The final path is going to contain a double slash in the suffix of the
path, an example:

```
/var/<random>/<hash>//secrets.d
```

This commit ensures that the runtime dir will get the trailing '/'
character removed.
 2023-06-22 01:49:29 +00:00
Roman Gonzalez
4ce3cc3428 fix(darwin): use chown only on non user mode 
On the latest version of macOS (Ventura 13.4 as of this date), this
change ownership will always fail with the error:

> Failed to mount filesystem for secrets: Cannot change owner/group of '.../secrets.d' to 0/0: chown .../secrets.d: operation not permitted
 2023-06-22 01:49:29 +00:00
Jörg Thalheim
2e77ca66d8
Merge pull request #326 from Mic92/deprecation-stuff 
fix makeSetupHook deprecations
 2023-05-08 05:58:13 +01:00
Jörg Thalheim
b84b3177a1 fix makeSetupHook's also for older nixos release 2023-05-08 06:48:56 +02:00
mlatus
4de4d820ba fix scope in sops.templates; add relevant test 2023-04-18 12:47:12 +08:00
mlatus
bae4d46397 add test for sops.templates 2023-03-23 23:06:04 +08:00
Tomas Zaluckij
bea992ff5e
fix makeSetupHook deprecations 2023-03-17 21:03:25 +00:00
Jörg Thalheim
4e50640bac go: drop deprecated ioutil 2023-02-28 09:44:31 +01:00
Pogobanane
716ccf8147 sops-install-secrets: disable unittest for darwin 
because $unittest is undefined on darwin and breaks the build/test
 2023-02-02 12:07:00 +01:00
Pogobanane
466d039190 darwin/home-manager: %r dir 2023-02-02 12:07:00 +01:00
Pogobanane
98834d958b darwin: impl MountSecretFs 2023-02-02 12:07:00 +01:00
Pogobanane
58ceff1f7b darwin: workaround missing user 2023-02-02 12:07:00 +01:00
Pogobanane
e6ccc740d8 darwin: impl SecureSymlinkChown 2023-02-02 12:07:00 +01:00
Pogobanane
783af739d2 fix go tests for darwin 2023-02-02 12:07:00 +01:00
Pogobanane
4f3d45c058 go files for darwin 
fixup
 2023-02-02 11:38:33 +01:00
Janne Heß
7f38c98162 More review fixups 2023-02-02 11:38:03 +01:00
Janne Heß
3afa9ca553 Fixup review comments 2023-02-02 11:38:03 +01:00
Janne Heß
acaf36a1bf Implement home-manager support 
Closes #62
Closes #163
 2023-02-02 11:38:03 +01:00
Jörg Thalheim
f234b0c865
TestIsValidFormat: don't use deprecated golang function 2023-02-01 22:08:03 +01:00
Jörg Thalheim
415302126e
Merge pull request #262 from lucasew/feat/type-dotenv 
format type: add dotenv and ini
 2023-02-01 21:54:15 +01:00
Nick Cao
a88f9dd22d
Fix build of sops-install-secrets after https://github.com/NixOS/nixpkgs/pull/212800 2023-02-01 13:16:38 +08:00
lucasew
eb09a61dc9 format type: add dotenv and ini 
Signed-off-by: lucasew <lucas59356@gmail.com>
 2023-01-17 10:55:52 -03:00
Jörg Kütemeier
7e0e679050
Update pkgs/sops-init-gpg-key/sops-init-gpg-key 
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
 2023-01-11 10:00:33 +01:00
Jörg Kütemeier
0ef86b61ee
Update pkgs/sops-init-gpg-key/sops-init-gpg-key 
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
 2023-01-11 10:00:25 +01:00