feat(darwin): add age key generation args option

2026-04-09 19:55:41 +08:00 · 2026-04-08 12:56:27 -04:00 · 2026-04-08 12:56:27 -04:00 · 260872257c
commit 260872257c
parent 1721fd4324
2 changed files with 11 additions and 1 deletions
--- a/checks/darwin.nix
+++ b/checks/darwin.nix
@ -27,5 +27,6 @@
  };
  sops.defaultSopsFile = ../pkgs/sops-install-secrets/test-assets/secrets.yaml;
  sops.age.generateKey = true;
+  sops.age.extraGenerateKeyArgs = [ "-pq" ];
  system.stateVersion = 5;
 }
--- a/modules/nix-darwin/default.nix
+++ b/modules/nix-darwin/default.nix
@ -173,7 +173,7 @@ let
            echo generating machine-specific age key...
            mkdir -p "$(dirname ${escapedKeyFile})"
            # age-keygen sets 0600 by default, no need to chmod.
-            ${pkgs.age}/bin/age-keygen -o ${escapedKeyFile}
+            ${pkgs.age}/bin/age-keygen -o ${escapedKeyFile} ${lib.join " " cfg.age.extraGenerateKeyArgs}
          fi
        ''
      else
@ -300,6 +300,15 @@ in
        '';
      };

+      extraGenerateKeyArgs = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
+        default = [ ];
+        example = [ "-pq" ];
+        description = ''
+          List of arguments to use when generating the age key.
+        '';
+      };
+
      sshKeyPaths = lib.mkOption {
        type = lib.types.listOf lib.types.path;
        default = defaultImportKeys "ed25519";