Nathan Henrie
65418fc443
Revert "decrypt-parallel"
2025-10-31 08:39:48 -06:00
Ryan Mulligan
9ba0d85de3
Merge pull request #343 from ryantm/rtm0804decryptparallel
decrypt-parallel
2025-10-28 05:54:37 -07:00
Vidhan Bhatt
d796cc5de4
use pkgs
2025-10-14 18:55:30 -04:00
Ryan Mulligan
540a4f1b0c
decrypt-parallel
2025-08-06 05:38:42 -07:00
Ryan Mulligan
0814fdc0de
format nix with rfc style
2025-08-05 05:46:34 -07:00
Ryan Mulligan
890be82dac
Merge pull request #338 from Lillecarl/escape
Escape literalExpression at all/properly
2025-08-04 08:46:02 -07:00
oluceps
d80d1febd3
fix: take userborn into consideration
2025-08-04 08:35:55 -07:00
oluceps
caab0435e1
feat: works with sysuser
fix: darwin compatible
chore: reformat
fix: infrec
chore: clean logic
Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
Co-authored-by: Ilan Joselevich <personal@ilanjoselevich.com>
2025-08-04 08:35:55 -07:00
Carl Andersson
25b74cafe8
Escape literalExpression at all/properly
2025-07-03 09:30:55 +02:00
Arnout Engelen
531beac616
Improve age.identityPaths must be set error (#335)
This error can be puzzling if you're not already aware of how this
works, pointing users in the direction of openssh (which I suspect is
the most common way to populate `identityPaths`) while also keeping the
original message seems instructive.
2025-06-17 08:14:20 -07:00
codgician
96b7e4f9eb
contrib: improve readability of age.identityPaths default value
2025-01-13 11:59:48 +08:00
codgician
cce0ff472c
fix: bad age.identityPaths default value on darwin
2025-01-12 22:19:38 +08:00
Jacob Hrbek
e3413992fb
age-home: Use curly-brackets for XDG_RUNTIME_DIR
To avoid having to do 4fd99eae63/nixos/secrets.nix (L25C9-L29C116) while using agenix in user services.
2024-08-10 05:05:53 +02:00
oddlama
08ed896eb6
fix: always treat link destinations as files to ensure error when destination is a directory.
This can happen if for example a secret is used in the initrd, which
materializes it as a directory, which then causes agenix to silently
create an incorrect link when switching to stage2. This ensures that
agenix will abort with an error.
2024-05-21 15:08:15 +02:00
Ryan Mulligan
5c1198a352
feat: switch from rage to age
Why
===
* Someone said age works better with password protected keys,
requiring entering the password less often.
* We switched to rage from age in
07ce686870
because it was limiting recipients to 20. This was fixed
https://github.com/FiloSottile/age/issues/139
What changed
===
* Switch from rage back to age (the reference implementation) in all
the spots
* Update the docs to show how to switch back to Rage
* Skip keys that are empty files, which fixes the integration test.
2023-12-23 14:09:16 -08:00
Nicolas Lenz
fe4f564f13
fix(home): shellcheck failure for fixed secretsDir
2023-09-09 16:46:53 +02:00
Lin Jian
6e8a48c2dc
doc: fix nixos option format in descriptions
2023-06-27 00:06:58 +08:00
Lin Jian
0d94960783
doc: fix defaultText by adding literalExpression
I also remove an unnecessary defaultText and fix a typo.
2023-06-27 00:06:39 +08:00
Sefa Eyeoglu
758cdc98f4
Disable shellcheck warning about impossible comparison
This shellcheck warning occurs when setting a path for a secret using
the home-manager module.
Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
2023-05-12 20:15:30 +02:00
Bruno BELANYI
9274b82816
Add home-manager module
This is to update and fix the issues I saw in [1] and [2].
Using a service definition instead of an activation script should
resolve the issue about the secrets disappearing after rebooting.
Removed the `user` and `group` option as they do not make sense to me
for a home-manager module, which should target a single user. They can
always be added back if somebody comes screaming.
This is somewhat modeled after sops-nix's own module [3].
[1]: https://github.com/ryantm/agenix/pull/58/
[2]: https://github.com/ryantm/agenix/pull/109
[3]: https://github.com/Mic92/sops-nix/blob/master/modules/home-manager/sops.nix
2023-05-06 14:18:17 +01:00
Ryan Mulligan
b67873854d
Revert "fix: disallow Nix store paths in age.identityPaths option"
2023-02-26 15:11:56 -08:00
Ryan Mulligan
1141c36c26
fix: disallow Nix store paths in age.identityPaths option
2023-02-26 09:03:17 -08:00
Ryan Mulligan
2c0ae7d44f
contrib: stop packaging rage
We don't need to package rage anymore, since all the latest maintained
versions of Nix have versions higher than what we need.
2023-02-21 20:33:19 -08:00
Matthias Putz
ec66ebe0ee
Make isDarwin check more robust
2023-02-20 13:47:48 +01:00
Nathan Henrie
37c7297956
Skip missing or unreadable keys
2023-02-11 07:34:06 -07:00
Nathan Henrie
d7fd31756e
Remove activation scripts again
2023-01-30 15:52:05 -07:00
Nathan Henrie
6ec0b0f7c7
Revert to hdiutil for older macos compatibility, be explicit about the weird number after ram://
2023-01-30 15:51:52 -07:00
Nathan Henrie
9779a98f1e
Testing for CI -- revert "Remove activation scripts"
This reverts commit 4c315d9683.
2023-01-30 15:33:50 -07:00
Nathan Henrie
4b2b6fa111
Simplify removal of trailing spaces
2023-01-30 14:37:15 -07:00
Nathan Henrie
4c315d9683
Remove activation scripts
2023-01-30 14:21:49 -07:00
Nathan Henrie
9b94b43971
format
2023-01-30 14:21:42 -07:00
Nathan Henrie
c69689da58
Use diskutil for more convenient sizes, strip trailing tabs
2023-01-30 14:21:33 -07:00
Nathan Henrie
b818ac2e7d
fmt
2023-01-30 09:18:56 -07:00
Nathan Henrie
019784cb7e
Give volume a name
2023-01-30 09:06:59 -07:00
Nathan Henrie
8867c12d72
Cleanup, improve readability
2023-01-30 09:06:39 -07:00
Nathan Henrie
4532604741
Silence output
2023-01-30 09:06:03 -07:00
Nathan Henrie
351e874918
Try to add nix-darwin support to agenix
Merges work by @montchr, @cmhamill, and @rtimush and rebases on main.
- fixes https://github.com/ryantm/agenix/issues/60
- fixes https://github.com/ryantm/agenix/issues/120
- closes https://github.com/ryantm/agenix/pull/107
2023-01-29 16:41:49 -07:00
Ryan Mulligan
16bef569f4
contrib: format Nix code with Alejandra
2023-01-29 10:57:51 -08:00
Ryan Mulligan
f86b56229b
feature: combine root and nonroot secret install; delay chowning
2022-07-10 11:47:58 -07:00
Jeroen Simonetti
fe206b4306
[module] change operation order
Change the order of operations to:
1. create new generation
2. decrypt secrets into new generation
3. symlink and remove old generation/secrets
Signed-off-by: Jeroen Simonetti <jeroen@simonetti.nl>
2022-07-10 19:12:55 +02:00
Ryan Mulligan
1a4643b779
feature: warn about missing files
rage itself does not have good error messages when files are missing,
so add some of our own checks and warnings.
2022-03-08 08:00:43 -08:00
Parthiv Seetharaman
85bd9d01ad
modules/age: add option for secrets directory
2022-02-21 15:20:05 -08:00
Jan Tojnar
35ecba5704
Do not try to create /run/agenix when installing secrets
That is a job for agenixMountSecrets, which should have already
created a symlink there so the directory creation attempt would
fail anyway.
2022-01-06 22:55:10 +01:00
Jan Tojnar
26edd03a5a
Ensure /run is created before mounting secrets
Otherwise /run/agenix might disappear if specialfs is toposorted
between agenixMountSecrets and agenixRoot.
Fixes: https://github.com/ryantm/agenix/issues/92
2022-01-06 22:50:56 +01:00
Ryan Mulligan
dfb2e7e591
feature: rename age.sshKeyPaths to age.identityPaths
implements #66
2021-12-05 16:05:06 -08:00
Chuang Zhu
c2f6bd077c
allow customizing ageBin
2021-12-06 07:08:18 +08:00
sohalt
ed0d9ef01a
update option descriptions
2021-11-24 18:00:28 +01:00
Ryan Mulligan
5ff75b48b4
fix: make non-root secrets accessible again
fixes #69
2021-11-20 12:19:52 -08:00
Cole Helbling
7bb0b5d7f1
modules/age: add option to disable symlinking
There are some cases where it may be better or even required to have the
secret be a file that is not a symlink. Setting
    age.secrets.some-secret.symlink = false;
will disable the default functionality of symlinking secrets and instead
just forcibly move them to their `path`.
2021-11-15 21:39:32 -08:00
Cole Helbling
e538664435
modules/age: /run/secrets -> /run/agenix
2021-11-15 21:39:32 -08:00