Allow setting uid and gid instead of owner and group. No checks are performed when uid and gid are set.

```
sops.secrets = {
  sslCertificate = {
    sopsFile = ./secrets.yaml;
    owner = "";
    group = "";
    uid = config.containers."nginx".config.users.users."nginx".uid;
    gid = config.containers."nginx".config.users.groups."nginx".gid;
  };
  sslCertificateKey = {
    sopsFile = ./secrets.yaml;
    owner = "";
    group = "";
    uid = config.containers."nginx".config.users.users."nginx".uid;
    gid = config.containers."nginx".config.users.groups."nginx".gid;
  };
};
```

Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
This commit is contained in:
Martijn de Munnik 2024-10-16 01:30:11 +02:00 committed by mergify[bot]
parent 26642e8f19
commit a4c33bfecb
5 changed files with 132 additions and 44 deletions


@ -43,7 +43,7 @@ in
};
assertions = [{
assertion = (lib.filterAttrs (_: v: v.owner != "root" || v.group != "root") secretsForUsers) == { };
assertion = (lib.filterAttrs (_: v: (v.uid != 0 && v.owner != "root") || (v.gid != 0 && v.group != "root")) secretsForUsers) == { };
message = "neededForUsers cannot be used for secrets that are not root-owned";
} {
assertion = secretsForUsers != { } && sysusersEnabled -> config.users.mutableUsers;