escape age key file

Jörg Thalheim 2024-08-12 11:22:03 +02:00
parent 9f8f9652f5
commit c3cff455d0


@ -94,18 +94,20 @@ let
manifest = manifestFor "" cfg.secrets;
escapedAgeKeyFile = lib.escapeShellArg cfg.age.keyFile;
script = toString (pkgs.writeShellScript "sops-nix-user" ((lib.optionalString (cfg.gnupg.home != null) ''
export SOPS_GPG_EXEC=${pkgs.gnupg}/bin/gpg
'')
+ (lib.optionalString cfg.age.generateKey ''
if [[ ! -f '${cfg.age.keyFile}' ]]; then
if [[ ! -f ${escapedAgeKeyFile} ]]; then
echo generating machine-specific age key...
${pkgs.coreutils}/bin/mkdir -p $(${pkgs.coreutils}/bin/dirname ${cfg.age.keyFile})
${pkgs.coreutils}/bin/mkdir -p $(${pkgs.coreutils}/bin/dirname ${escapedAgeKeyFile})
# age-keygen sets 0600 by default, no need to chmod.
${pkgs.age}/bin/age-keygen -o ${cfg.age.keyFile}
${pkgs.age}/bin/age-keygen -o ${escapedAgeKeyFile}
fi
'' + ''
${sops-install-secrets}/bin/sops-install-secrets -ignore-passwd '${manifest}'
${sops-install-secrets}/bin/sops-install-secrets -ignore-passwd ${manifest}
'')));
in {
options.sops = {
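Review bot: The command substitution on the new `mkdir -p` line is still unquoted, so the output of `dirname` is subject to word splitting and globbing even though its argument is now escaped. A key file path containing a space would make `mkdir -p` create the wrong directories, and the following `age-keygen -o` would then fail. Wrap the substitution in double quotes: `${pkgs.coreutils}/bin/mkdir -p "$(${pkgs.coreutils}/bin/dirname ${escapedAgeKeyFile})"`. The last changed line also drops the quotes around `${manifest}`; that is presumably safe because it is a store path, but passing it through `lib.escapeShellArg` would keep the script consistent. The `let` block starts above the hunk and `options.sops` continues below it.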