nix/3.agenix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
344 commits 1 branch 0 tags 348 KiB
Commit graph

344 commits

This branch
This branch
All branches
Author SHA1 Message Date
Andrew Lubawy
783bf0daf6 Remove path config to use default secret path in test 2025-08-04 08:53:33 -07:00
Andrew Lubawy
d48f920cde Run nix fmt on secrets.nix 2025-08-04 08:53:33 -07:00
Andrew Lubawy
01217f8b39 Update docs to include example of armored output 2025-08-04 08:53:33 -07:00
Andrew Lubawy
92af581e8b Add integration test for armored secret 2025-08-04 08:53:33 -07:00
Andrew Lubawy
8f6065756a Add armored example 2025-08-04 08:53:33 -07:00
Andrew Lubawy
e945c673b8 Try adding an option to output with armor 2025-08-04 08:53:33 -07:00
Ryan Mulligan
890be82dac
Merge pull request #338 from Lillecarl/escape 
Escape literalExpression at all/properly
 2025-08-04 08:46:02 -07:00
Ryan Mulligan
7cbb4773bc
Merge pull request #255 from oluceps/with-sysuser 
feat: works with sysuser
 2025-08-04 08:44:42 -07:00
Ryan Mulligan
1266723d74
Merge pull request #336 from ryantm/doc-alternate-impls 
doc: clarify lack of support when using nondefault implementations
 2025-08-04 08:36:55 -07:00
oluceps
d80d1febd3 fix: take userborn into consideration 2025-08-04 08:35:55 -07:00
oluceps
caab0435e1 feat: works with sysuser 
fix: darwin compatible

chore: reformat

fix: infrec

chore: clean logic

Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
Co-authored-by: Ilan Joselevich <personal@ilanjoselevich.com>
 2025-08-04 08:35:55 -07:00
Carl Andersson
25b74cafe8 Escape literalExpression at all/properly 2025-07-03 09:30:55 +02:00
Nathan Henrie
11b35f0a10 doc: clarify lack of support when using nondefault implementations 
Also format codeblock RFC style, use `lib.getExe`
 2025-06-23 09:16:03 -06:00
Arnout Engelen
531beac616
Improve age.identityPaths must be set error (#335) 
This error can be puzzling if you're not already aware of how this
works, pointing users in the direction of openssh (which I suspect is
the most common way to populate `identityPaths`) while also keeping the
original message seems instructive.
 2025-06-17 08:14:20 -07:00
Nathan Henrie
4835b1dc89
Merge pull request #278 from llakala/update-wiki-link 
Update link from unofficial nixos wiki to official one
 2025-05-18 07:33:26 -06:00
quatquatt
34246aece3 doc: update link from unofficial nixos wiki to official one 2025-05-17 17:26:26 -04:00
Nathan Henrie
6697e8babb
Merge pull request #328 from ryantm/doc-strip-whitespace 
doc: strip trailing whitespace
 2025-05-17 14:39:13 -06:00
Nathan Henrie
bd33a9b9a5 doc: strip trailing whitespace 
People's editors keep automatically doing this and adding a bunch of
unrelated lines to their diff. Trying to stop that.
 2025-05-17 13:21:39 -06:00
Nathan Henrie
8a4516aed6
Merge pull request #318 from bcl1713/main 
docs: add home-manager module documentation
 2025-05-17 13:04:35 -06:00
Nathan Henrie
72f7f68aa8
Merge pull request #327 from n8henrie/leading-hyphen-filename 
Separate flags from positional args with `--`
 2025-05-17 13:00:30 -06:00
Nathan Henrie
af991e8dc3 Separate flags from positional args with -- 
This prevents interpreting filenames with leading `-` as flags.

Add a regression test for this behavior.

Fixes https://github.com/ryantm/agenix/issues/325
 2025-05-04 13:06:24 -06:00
Nathan Henrie
96e078c646
Merge pull request #324 from K900/replace-vars 
fix: use replaceVars instead of substituteAll
 2025-04-25 19:21:46 -06:00
K900
58c554469c fix: use replaceVars instead of substituteAll 
The latter is deprecated in latest nixpkgs.

Also, update inputs to non-ancient versions.
 2025-04-24 15:18:29 +03:00
Brian Lucas
cccd5afb1c docs: add home-manager module documentation 2025-04-02 09:12:55 -05:00
Nathan Henrie
e600439ec4
Merge pull request #307 from codgician/fix-darwin-module 
fix: bad age.identityPaths default value on darwin, bump to macOS-latest in CI
 2025-01-15 08:33:50 -07:00
codgician
4d0d81e606
fix: bad indentation in ci 2025-01-13 12:02:14 +08:00
codgician
96b7e4f9eb
contrib: improve readability of age.identityPaths default value 2025-01-13 11:59:48 +08:00
codgician
989ade2850
feat: dynamically determine architecture in ci 2025-01-13 11:58:57 +08:00
codgician
302ab0c172
fix: bump to macOS-15 in CI 2025-01-12 22:25:25 +08:00
codgician
cce0ff472c
fix: bad age.identityPaths default value on darwin 2025-01-12 22:19:38 +08:00
Ryan Mulligan
f6291c5935
Merge pull request #280 from Kreyren/patch-3 
age-home: Use curly-brackets for XDG_RUNTIME_DIR
 2024-08-10 05:45:04 -07:00
Jacob Hrbek
e3413992fb age-home: Use curly-brackets for XDG_RUNTIME_DIR 
To avoid having to do 4fd99eae63/nixos/secrets.nix (L25C9-L29C116) while using agenix in user services.
 2024-08-10 05:05:53 +02:00
Ryan Mulligan
3f1dae074a
Merge pull request #277 from fzakaria/import-module-remove 
Remove import for NixOS/HM modules
 2024-07-30 04:30:03 -07:00
Farid Zakaria
40012e5ed4 Remove import for NixOS/HM modules 
When using `files` on a NixOS option in the `nix repl` it fails to
follow the attribute of agenix module.

Discussing with @roberth has explained that this is a "common bug" on
account of mis-using the `import` for modules.

From what I understand, the `import` statement brings it into the
current context so you lose the attribute of where it's defined.

Here is what I currently see:
```
nix-repl> options.age.ageBin.files
[
  "/nix/store/8kpmdb63f5i9mwdyirqki7hvvglgy1va-source/machines/nyx/configuration.nix"
]

```

After this change, the value in agenix is reported instead.
```
❯ nix repl --extra-experimental-features 'flakes repl-flake' \
           --override-input agenix /home/fmzakari/code/github.com/ryantm/agenix .

nix-repl> options.age.ageBin.files
[
  "/nix/store/99gc8rhgw43k201k34pshcsygdvbhmpy-source/modules/age.nix"
]
```
 2024-07-29 08:15:01 -07:00
Ryan Mulligan
de96bd907d
Merge pull request #265 from Kreyren/patch-1 
README: Add warning about HNDL and PQS in threat model
 2024-07-09 10:30:05 -07:00
KREYREN
760751b6d1
README: Add warning about HNDL and PQS in theat model 2024-06-19 15:37:53 +00:00
Ryan Mulligan
3a56735779
Merge pull request #187 from oddlama/main 
fix: always treat link destinations as files to ensure an error when the destination is a directory
 2024-06-14 06:18:04 -07:00
Nathan Henrie
c2fc0762bb
Merge pull request #241 from sternenseemann/nix-2.3-install-check 
agenix: fix installCheckPhase with Nix 2.3
 2024-05-24 08:40:46 -06:00
oddlama
08ed896eb6
fix: always treat link destinations as files to ensure error when destination is a directory. 
This can happen if for example a secret is used in the initrd, which
materializes it as a directory, which then causes agenix to silently
create an incorrect link when switching to stage2. This ensures that
agenix will abort with an error.
 2024-05-21 15:08:15 +02:00
Nathan Henrie
8d37c5bdea
Merge pull request #259 from hansemschnokeloch/patch-1 
Fix typo
 2024-05-09 15:32:35 -06:00
hansemschnokeloch
63a57d8dfb
Fix typo 2024-05-09 22:25:29 +02:00
Jörg Thalheim
07479c2e73
update link to nixos wiki (#258) 2024-05-07 10:12:37 -07:00
Ryan Mulligan
24a7ea3905
Merge pull request #256 from spectre256/main 
fix: allow for newlines in keys
 2024-04-26 05:59:12 -07:00
Ellis Gibbons
2c1d1fb134
fix: allow for newlines in keys 2024-04-12 17:50:07 -04:00
Cole Helbling
1381a759b2
Merge pull request #254 from oluceps/fix-doc 
doc: fix wrong `ssh-keyscan` usage
 2024-04-02 10:31:00 -07:00
oluceps
3fd98a2c3b
doc: fix wrong ssh-keyscan usage 2024-04-03 01:00:02 +08:00
Ryan Mulligan
8cb01a0e71
Merge pull request #244 from kraem/fix/rage_to_age_docs 
fix: update docs for 5c1198a
 2024-02-13 05:27:47 -08:00
kraem
1f62cef426 fix: update docs for 5c1198a 2024-02-07 08:48:49 +01:00
sternenseemann
1746e4f5ec agenix: fix installCheckPhase with Nix 2.3 
As opposed to e.g. Nix 2.18, Nix 2.3 doesn't try to create a fallback
store in $HOME if $NIX_STORE_DIR and $NIX_STATE_DIR aren't writable.
 2024-02-01 13:30:22 +01:00
Ryan Mulligan
417caa847f
Merge pull request #232 from ryantm/rtm-12-23-test 
dev: reland add direct tests for agenix
 2023-12-24 08:04:03 -08:00