mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-14 11:57:52 +00:00
Commit graph

885 commits

Author SHA1 Message Date
Jörg Thalheim
6ef5c647a4 drop docs unpinned ways of installing sops-nix
Less clutter and people are more likely to install dependencies in a
more maintainable way.
2024-04-19 10:15:45 +00:00
Jörg Thalheim
e31339a204 home-manager: fix implicit dependency on coreutils
fixes https://github.com/Mic92/sops-nix/issues/542
2024-04-19 08:18:56 +00:00
Jörg Thalheim
b94c6edbb8 fix symlink directory not existing 2024-04-18 18:17:04 +02:00
Jörg Thalheim
6b259336bd Lint fixes (#539)
* fix various additional linter errors

* extend golangci checks
2024-04-18 16:19:26 +02:00
github-actions[bot]
ac538092be flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/a0c9e3aee1000ac2bfb0e5b98c94c946a5d180a9' (2024-04-12)
  → 'github:NixOS/nixpkgs/2b6ee326ad047870526d9a3ae88dfd0197da898d' (2024-04-16)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/c27f3b6d8e29346af16eecc0e9d54b1071eae27e' (2024-04-13)
  → 'github:NixOS/nixpkgs/8494ae076b7878d61a7d2d25e89a847fe8f8364c' (2024-04-18)
2024-04-18 11:22:27 +00:00
Jörg Thalheim
58b9a13a37 home-manager: fix key store path check for strings
fixes https://github.com/Mic92/sops-nix/issues/535
2024-04-18 13:12:29 +02:00
Sebastian Sellmeier
a9795d1959 home-manager: Change defaultSymlinkPath to "<xdg-config-home>/sops-nix/secrets" 2024-04-18 08:22:30 +00:00
the-furry-hubofeverything
74f03c1a51 Refuse age keyfile paths that are in the nix store 2024-04-18 08:17:46 +00:00
dependabot[bot]
7f49111254 update vendorHash 2024-04-18 08:11:19 +00:00
dependabot[bot]
3a30a38816 Bump github.com/ProtonMail/go-crypto
Bumps [github.com/ProtonMail/go-crypto](https://github.com/ProtonMail/go-crypto) from 0.0.0-20230923063757-afb1ddc0824c to 1.1.0-alpha.2.
- [Release notes](https://github.com/ProtonMail/go-crypto/releases)
- [Commits](https://github.com/ProtonMail/go-crypto/commits/v1.1.0-alpha.2)

---
updated-dependencies:
- dependency-name: github.com/ProtonMail/go-crypto
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-18 08:11:19 +00:00
Sebastian Sellmeier
dacc9519f5 home-manager: Include home.activation-script for linux similar to macos 2024-04-18 08:02:04 +00:00
Joachim Ernst
cc535d07cb remove all uses of lib.mdDoc (#532) 2024-04-15 11:55:09 +02:00
github-actions[bot]
226062b47f flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9e7f26f82acb057498335362905fde6fea4ca50a' (2024-04-06)
  → 'github:NixOS/nixpkgs/a0c9e3aee1000ac2bfb0e5b98c94c946a5d180a9' (2024-04-12)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/e38d7cb66ea4f7a0eb6681920615dfcc30fc2920' (2024-04-06)
  → 'github:NixOS/nixpkgs/c27f3b6d8e29346af16eecc0e9d54b1071eae27e' (2024-04-13)
2024-04-14 03:55:50 +00:00
dependabot[bot]
538c114cfd update vendorHash 2024-04-08 23:00:41 +00:00
dependabot[bot]
104aabf324 Bump golang.org/x/crypto from 0.21.0 to 0.22.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.22.0.
- [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-08 23:00:41 +00:00
github-actions[bot]
39191e8e62 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/807c549feabce7eddbf259dbdcec9e0600a0660d' (2024-03-29)
  → 'github:NixOS/nixpkgs/9e7f26f82acb057498335362905fde6fea4ca50a' (2024-04-06)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/2b4e3ca0091049c6fbb4908c66b05b77eaef9f0c' (2024-03-30)
  → 'github:NixOS/nixpkgs/e38d7cb66ea4f7a0eb6681920615dfcc30fc2920' (2024-04-06)
2024-04-07 03:01:48 +00:00
github-actions[bot]
99b1e37f9f flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/20bc93ca7b2158ebc99b8cef987a2173a81cde35' (2024-03-23)
  → 'github:NixOS/nixpkgs/807c549feabce7eddbf259dbdcec9e0600a0660d' (2024-03-29)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/ac6bdf6181666ebb4f90dd20f31e2fa66ede6b68' (2024-03-23)
  → 'github:NixOS/nixpkgs/2b4e3ca0091049c6fbb4908c66b05b77eaef9f0c' (2024-03-30)
2024-03-31 03:17:28 +00:00
github-actions[bot]
405987a66c flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9af9c1c87ed3e3ed271934cb896e0cdd33dae212' (2024-03-15)
  → 'github:NixOS/nixpkgs/20bc93ca7b2158ebc99b8cef987a2173a81cde35' (2024-03-23)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/6dc11d9859d6a18ab0c5e5829a5b8e4810658de3' (2024-03-16)
  → 'github:NixOS/nixpkgs/ac6bdf6181666ebb4f90dd20f31e2fa66ede6b68' (2024-03-23)
2024-03-24 03:01:59 +00:00
github-actions[bot]
83b68a0e8c flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/0e7f98a5f30166cbed344569426850b21e4091d4' (2024-03-09)
  → 'github:NixOS/nixpkgs/9af9c1c87ed3e3ed271934cb896e0cdd33dae212' (2024-03-15)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/b17375d3bb7c79ffc52f3538028b2ec06eb79ef8' (2024-03-10)
  → 'github:NixOS/nixpkgs/6dc11d9859d6a18ab0c5e5829a5b8e4810658de3' (2024-03-16)
2024-03-17 03:03:14 +00:00
dependabot[bot]
6c32d3b9c7 update vendorHash 2024-03-14 17:24:24 +01:00
dependabot[bot]
0e2a9aeb92 build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.33.0
Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-14 17:24:24 +01:00
dependabot[bot]
cf5f5d8e27 update vendorHash 2024-03-14 15:08:37 +00:00
dependabot[bot]
d076d5ea84 build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.2...v3.0.3)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-14 15:08:37 +00:00
Jörg Thalheim
ebbca93858 Update README.md 2024-03-14 15:47:27 +01:00
GameDungeon
cc721b2bc1 Update README.md for impermanence users 2024-03-14 15:47:27 +01:00
Jörg Thalheim
fa8035c073 use gnupg binary also now for ssh rsa keys
With the last sops bump, our gpg keys are no longer detected by sops without it
2024-03-14 15:47:03 +01:00
Jörg Thalheim
85d13d5aa4 sops-install-secrets: also write out pubring to make gnupg happy 2024-03-14 15:47:03 +01:00
Jörg Thalheim
a2d9145e98 fix build with new ssh-to-age library 2024-03-14 15:47:03 +01:00
Janik H.
833bd28f8f .gitignore: add nix build result 2024-03-14 15:47:03 +01:00
Janik H.
eb7e7f0842 sops-install-secrets: change sops url
downgrade go-crypto again
2024-03-14 15:47:03 +01:00
dependabot[bot]
804157eb75 update vendorHash 2024-03-14 12:52:31 +01:00
dependabot[bot]
1385b12fb3 build(deps): bump golang.org/x/crypto from 0.20.0 to 0.21.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/golang/crypto/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-14 12:52:31 +01:00
Luflosi
7f015eeff1 modules/sops: fix typo
The assertion below states: "Exactly one of sops.gnupg.home and sops.gnupg.sshKeyPaths must be set".
2024-03-14 12:52:12 +01:00
dependabot[bot]
e52d8117b3 build(deps): bump cachix/install-nix-action from 25 to 26
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 25 to 26.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v25...v26)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-11 22:13:14 +00:00
github-actions[bot]
f8d5c8baa8 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/458b097d81f90275b3fdf03796f0563844926708' (2024-03-02)
  → 'github:NixOS/nixpkgs/0e7f98a5f30166cbed344569426850b21e4091d4' (2024-03-09)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/66d65cb00b82ffa04ee03347595aa20e41fe3555' (2024-03-03)
  → 'github:NixOS/nixpkgs/b17375d3bb7c79ffc52f3538028b2ec06eb79ef8' (2024-03-10)
2024-03-10 03:03:26 +00:00
dependabot[bot]
25dd60fdd0 update vendorHash 2024-03-06 07:44:51 +00:00
dependabot[bot]
e3b396f42f build(deps): bump golang.org/x/sys from 0.17.0 to 0.18.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-06 07:44:51 +00:00
dependabot[bot]
291aad29b5 build(deps): bump DeterminateSystems/update-flake-lock from 20 to 21
Bumps [DeterminateSystems/update-flake-lock](https://github.com/determinatesystems/update-flake-lock) from 20 to 21.
- [Release notes](https://github.com/determinatesystems/update-flake-lock/releases)
- [Commits](https://github.com/determinatesystems/update-flake-lock/compare/v20...v21)

---
updated-dependencies:
- dependency-name: DeterminateSystems/update-flake-lock
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-03-04 22:39:56 +00:00
github-actions[bot]
075df9d85e flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f63ce824cd2f036216eb5f637dfef31e1a03ee89' (2024-02-24)
  → 'github:NixOS/nixpkgs/458b097d81f90275b3fdf03796f0563844926708' (2024-03-02)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/89a2a12e6c8c6a56c72eb3589982c8e2f89c70ea' (2024-02-25)
  → 'github:NixOS/nixpkgs/66d65cb00b82ffa04ee03347595aa20e41fe3555' (2024-03-03)
2024-03-03 03:01:51 +00:00
dependabot[bot]
a1c8de14f6 update vendorHash 2024-02-26 22:51:07 +00:00
dependabot[bot]
e386e52abe build(deps): bump golang.org/x/crypto from 0.19.0 to 0.20.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.19.0 to 0.20.0.
- [Commits](https://github.com/golang/crypto/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-26 22:51:07 +00:00
github-actions[bot]
2874fbbe4a flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/6e2f00c83911461438301db0dba5281197fe4b3a' (2024-02-17)
  → 'github:NixOS/nixpkgs/f63ce824cd2f036216eb5f637dfef31e1a03ee89' (2024-02-24)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/69405156cffbdf2be50153f13cbdf9a0bea38e49' (2024-02-17)
  → 'github:NixOS/nixpkgs/89a2a12e6c8c6a56c72eb3589982c8e2f89c70ea' (2024-02-25)
2024-02-25 03:01:16 +00:00
Quentin Smith
f6b80ab6cd Address review comments 2024-02-21 07:24:54 +00:00
Quentin Smith
fbec55367f modules/sops/templates: Support custom files as secret templates
This exposes the `file` option, which can be used with `pkgs.formats` to write additional configuration formats.
2024-02-21 07:24:54 +00:00
dependabot[bot]
acfcce2a36 update vendorHash 2024-02-20 19:09:21 +00:00
dependabot[bot]
a13fc353ca build(deps): bump golang.org/x/crypto from 0.18.0 to 0.19.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.18.0 to 0.19.0.
- [Commits](https://github.com/golang/crypto/compare/v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-20 19:09:21 +00:00
dependabot[bot]
a5932c85e1 update vendorHash 2024-02-20 18:18:50 +00:00
dependabot[bot]
203f3fd655 build(deps): bump golang.org/x/sys from 0.16.0 to 0.17.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/sys/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-20 18:18:50 +00:00
w4tsn
5611ba15f1 add nix config snippet to restart sops-nix service
As home-manager does not restart the `sops-nix` unit automatically
a snippet to instruct home-manager to do so is added.

Home-manager could be instructed to restart the user service from the
sops-nix home-manager module instead. Usually home-manager restarts
units which changed. Since the sops-nix unit does not change when
secrets change this does not trigger automatically.

There are two options:
- let sops-nix home-manager module compute a chained hash over all
  secrets and place it inside the unit file, so it changes every time
  the secrets change
- use X-SwitchMethod and X-Restart-Triggers
  See nix-community/home-manager#3865
2024-02-20 18:04:56 +00:00
DDoSolitary
f88661c9a9 Revert "don't substitute binaries"
This reverts commit 7711514b85.

With db82bcafd4, we no longer need to
ensure that the pair list only contains utf-8 text, as long as users
don't reference non-utf-8 data in template content.
Fixes Mic92/sops-nix#439.
2024-02-20 16:46:05 +00:00