diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml
new file mode 100644
index 0000000..15fc1ad
--- /dev/null
+++ b/.buildkite/pipeline.yml
@@ -0,0 +1,5 @@
+steps:
+ - name: "NixOS tests (unstable)"
+ command: "nix-build -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixpkgs-unstable.tar.gz -A sops-install-secrets.tests"
+ - name: "NixOS tests (20.03)"
+ command: "nix-build -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixpkgs-unstable.tar.gz -A sops-install-secrets.tests"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index caf674a..fe0aa40 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -20,9 +20,13 @@ jobs:
 - name: Setup cachix
 uses: cachix/cachix-action@v6
 with:
- name: ${{ matrix.cachixName }}
+ name: mic92
 signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
 - name: Show nixpkgs version
 run: nix-instantiate --eval -E '(import {}).lib.version'
 - name: Build nix packages
 run: nix run nixpkgs.nix-build-uncached -c nix-build-uncached default.nix
+ - name: Add keys group (needed for go tests)
+ run: sudo groupadd keys
+ - name: Run go tests
+ run: nix-shell --run "sudo unshare --mount --fork go test ./pkgs/sops-install-secrets"
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..9d3e7f6
--- /dev/null
+++ b/LICENSE
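Review bot: The step named "NixOS tests (20.03)" runs exactly the same command as the unstable step, so the 20.03 release is never actually tested even though the pipeline will report it as passing. Its `-I nixpkgs=` URL should point at the release channel archive, e.g. `nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-20.03.tar.gz`. Both steps also fetch a moving channel tarball, so a red or green build is not tied to a fixed nixpkgs revision; a short comment saying that this is intentional would help whoever debugs a sudden failure.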
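Review bot: The new "Run go tests" step runs the whole test binary as root through `sudo unshare --mount --fork`, and nothing in the workflow says why root and a private mount namespace are required. A comment above the step such as `# tests need root (presumably for mounting and chown to the keys group); unshare keeps their mounts out of the runner's namespace` would document the privilege, once the reason is confirmed. `sudo groupadd keys` fails if the group already exists, so `sudo groupadd -f keys` keeps the step repeatable on a reused runner. It is also worth confirming that `go` under `sudo` is still the one provided by nix-shell, since sudo commonly resets PATH.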
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Jörg Thalheim
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/default.nix b/default.nix
index 188c403..ca7f6d7 100644
--- a/default.nix
+++ b/default.nix
@@ -1,6 +1,6 @@ { pkgs ? import {} }: let vendorSha256 = "sha256-O0z+oEffOOZa/bn2gV9onLVbPBHsNDH2yq1CZPi8w58="; -in { +in rec { sops-init-gpg-key = pkgs.callPackage ./pkgs/sops-init-gpg-key {}; sops-install-secrets = pkgs.callPackage ./pkgs/sops-install-secrets { inherit vendorSha256;
diff --git a/modules/sops/default.nix b/modules/sops/default.nix
index bfb44d3..f972866 100644
--- a/modules/sops/default.nix
+++ b/modules/sops/default.nix
@@ -5,7 +5,7 @@ with lib;
 let
 cfg = config.sops;
 users = config.users.users;
- sops-install-secrets = pkgs.callPackage ../../pkgs/sops-install-secrets {};
+ sops-install-secrets = (pkgs.callPackage ../.. {}).sops-install-secrets;
 secretType = types.submodule ({ config, ... }: {
 options = {
 name = mkOption {
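Review bot: The new binding `(pkgs.callPackage ../.. {}).sops-install-secrets` carries no comment explaining why the module now goes through the repository's top-level default.nix instead of calling the package directly. From the other hunks, the package takes a `vendorSha256` argument and only the top-level file supplies it, so a one-line comment such as `# built via the top-level default.nix so the module uses the same vendorSha256 as CI` would keep a later refactor from reintroducing a second, unpinned call. The `let` block this line sits in continues outside the hunk.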
diff --git a/pkgs/sops-install-secrets/default.nix b/pkgs/sops-install-secrets/default.nix
index 0c0bfa6..bf7025f 100644
--- a/pkgs/sops-install-secrets/default.nix
+++ b/pkgs/sops-install-secrets/default.nix
@@ -1,4 +1,4 @@
-{ buildGoModule, path, pkgs, vendorSha256 }:
+{ stdenv, buildGoModule, path, pkgs, vendorSha256 }:
 buildGoModule {
 pname = "sops-install-secrets";
 version = "0.0.1";
diff --git a/pkgs/sops-install-secrets/nixos-test.nix b/pkgs/sops-install-secrets/nixos-test.nix
index 86d3654..b4ef967 100644
--- a/pkgs/sops-install-secrets/nixos-test.nix
+++ b/pkgs/sops-install-secrets/nixos-test.nix
@@ -1,6 +1,7 @@ { makeTest ? import , pkgs ? import }: { ssh-keys = makeTest { + name = "sops-ssh-keys"; nodes.server = { ... }: { imports = [ ../../modules/sops ]; services.openssh.enable = true;
@@ -21,7 +22,8 @@ inherit pkgs; }; - gpg-keys = makeTest { + pgp-keys = makeTest { + name = "sops-pgp-keys"; nodes.server = { pkgs, lib, ... }: { imports = [ ../../modules/sops ]; sops.gnupgHome = "/run/gpghome";