From 5c23dc81a7b13890e9d9e81b39ff1bafa84b5637 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Wed, 4 Feb 2026 19:48:56 +0100 Subject: [PATCH] Bump go to 1.25, remove compatibility for 25.05 or older --- checks/home-manager.nix | 2 +- default.nix | 3 +-- dev/private.narHash | 2 +- dev/private/flake.lock | 34 +++++++++++++------------- dev/private/flake.nix | 2 +- flake.nix | 4 +-- go.mod | 2 +- modules/sops/default.nix | 2 +- pkgs/sops-import-keys-hook/default.nix | 15 +++--------- pkgs/sops-install-secrets/darwin.go | 1 - pkgs/sops-install-secrets/default.nix | 4 +-- pkgs/sops-install-secrets/linux.go | 3 +-- pkgs/sops-install-secrets/main_test.go | 1 - 13 files changed, 31 insertions(+), 44 deletions(-) diff --git a/checks/home-manager.nix b/checks/home-manager.nix index 3c32fd6..de1701a 100644 --- a/checks/home-manager.nix +++ b/checks/home-manager.nix @@ -3,7 +3,7 @@ imports = [ ../modules/home-manager/sops.nix ]; - home.stateVersion = "25.05"; + home.stateVersion = "25.11"; home.username = "sops-user"; home.homeDirectory = "/home/sops-user"; home.enableNixpkgsReleaseCheck = false; diff --git a/default.nix b/default.nix index 723d9a7..14fd349 100644 --- a/default.nix +++ b/default.nix @@ -23,8 +23,7 @@ rec { inherit vendorHash; }; unit-tests = pkgs.callPackage ./pkgs/unit-tests.nix { }; -} -// pkgs.lib.optionalAttrs (pkgs ? buildGo124Module) { + lint = pkgs.callPackage ./pkgs/lint.nix { inherit sops-install-secrets; }; diff --git a/dev/private.narHash b/dev/private.narHash index a7ddbcb..c5ef62a 100644 --- a/dev/private.narHash +++ b/dev/private.narHash @@ -1 +1 @@ -sha256-MW4McwteXVA4RxkqsHLquFnS3v1zZiXOJ/VFPwAgTC4= \ No newline at end of file +sha256-CJal6YSeZtyF9O5lpf37QEGRRPxq4DNcuqf+NaXjUbA= \ No newline at end of file diff --git a/dev/private/flake.lock b/dev/private/flake.lock index 5188007..bc93777 100644 --- a/dev/private/flake.lock +++ b/dev/private/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1769872935, - "narHash": "sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI=", + "lastModified": 1770164260, + "narHash": "sha256-mQgOAYWlVJyuyXjZN6yxqXWyODvQI5P/UZUCU7IOuYo=", "owner": "nix-community", "repo": "home-manager", - "rev": "f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7", + "rev": "4fda26500b4539e0a1e3afba9f0e1616bdad4f85", "type": "github" }, "original": { @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1768764703, - "narHash": "sha256-5ulSDyOG1U+1sJhkJHYsUOWEsmtLl97O0NTVMvgIVyc=", + "lastModified": 1770184146, + "narHash": "sha256-DsqnN6LvXmohTRaal7tVZO/AKBuZ02kPBiZKSU4qa/k=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "0fc4e7ac670a0ed874abacf73c4b072a6a58064b", + "rev": "0d7874ef7e3ba02d58bebb871e6e29da36fa1b37", "type": "github" }, "original": { @@ -42,16 +42,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1767313136, - "narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=", - "ref": "nixos-25.05", - "rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d", + "lastModified": 1770136044, + "narHash": "sha256-tlFqNG/uzz2++aAmn4v8J0vAkV3z7XngeIIB3rM3650=", + "ref": "nixos-25.11", + "rev": "e576e3c9cf9bad747afcddd9e34f51d18c855b4e", "shallow": true, "type": "git", "url": "https://github.com/NixOS/nixpkgs" }, "original": { - "ref": "nixos-25.05", + "ref": "nixos-25.11", "shallow": true, "type": "git", "url": "https://github.com/NixOS/nixpkgs" @@ -59,10 +59,10 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1769740369, - "narHash": "sha256-xKPyJoMoXfXpDM5DFDZDsi9PHArf2k5BJjvReYXoFpM=", + "lastModified": 1770141374, + "narHash": "sha256-yD4K/vRHPwXbJf5CK3JkptBA6nFWUKNX/jlFp2eKEQc=", "ref": "nixpkgs-unstable", - "rev": "6308c3b21396534d8aaeac46179c14c439a89b8a", + "rev": "41965737c1797c1d83cfb0b644ed0840a6220bd1", "shallow": true, "type": "git", "url": "https://github.com/NixOS/nixpkgs" @@ -90,11 +90,11 @@ ] }, "locked": { - "lastModified": 1769691507, - "narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=", + "lastModified": 1770228511, + "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b", + "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", "type": "github" }, "original": { diff --git a/dev/private/flake.nix b/dev/private/flake.nix index 3dbd77d..72b4825 100644 --- a/dev/private/flake.nix +++ b/dev/private/flake.nix @@ -1,7 +1,7 @@ { description = "private inputs"; - inputs.nixpkgs-stable.url = "git+https://github.com/NixOS/nixpkgs?shallow=1&ref=nixos-25.05"; + inputs.nixpkgs-stable.url = "git+https://github.com/NixOS/nixpkgs?shallow=1&ref=nixos-25.11"; inputs.nixpkgs-unstable.url = "git+https://github.com/NixOS/nixpkgs?shallow=1&ref=nixpkgs-unstable"; diff --git a/flake.nix b/flake.nix index d89bf7b..b7c5fe4 100644 --- a/flake.nix +++ b/flake.nix @@ -97,7 +97,7 @@ suffix-version = version: attrs: nixpkgs.lib.mapAttrs' (name: value: nixpkgs.lib.nameValuePair (name + version) value) attrs; - suffix-stable = suffix-version "-25_05"; + suffix-stable = suffix-version "-25_11"; in { home-manager = self.legacyPackages.${system}.homeConfigurations.sops.activation-script; @@ -107,7 +107,7 @@ // nixpkgs.lib.optionalAttrs pkgs.stdenv.isLinux (suffix-stable tests-stable) // nixpkgs.lib.optionalAttrs pkgs.stdenv.isDarwin { darwin-sops = - self.darwinConfigurations."sops-${pkgs.hostPlatform.darwinArch}".config.system.build.toplevel; + self.darwinConfigurations."sops-${pkgs.stdenv.hostPlatform.darwinArch}".config.system.build.toplevel; } ); diff --git a/go.mod b/go.mod index 010ea46..78f4441 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/Mic92/sops-nix -go 1.24.0 +go 1.25.0 require ( github.com/Mic92/ssh-to-age v0.0.0-20240115094500-460a2109aaf0 diff --git a/modules/sops/default.nix b/modules/sops/default.nix index 6a2197a..47e022d 100644 --- a/modules/sops/default.nix +++ b/modules/sops/default.nix @@ -30,7 +30,7 @@ let regularTemplates = cfg.templates; withEnvironment = import ./with-environment.nix { - # sops >=3.10.0 now unconditionally searches + # sops >=3.10.0 now unconditionally searches # for an SSH key in $HOME/.ssh/, introduced in #1692 [0]. Since in the # activation script $HOME is never set, it just spits out a slew a # warnings [1]. diff --git a/pkgs/sops-import-keys-hook/default.nix b/pkgs/sops-import-keys-hook/default.nix index 940968c..d029e4f 100644 --- a/pkgs/sops-import-keys-hook/default.nix +++ b/pkgs/sops-import-keys-hook/default.nix @@ -2,24 +2,15 @@ makeSetupHook, gnupg, sops, - lib, }: -let - # FIXME: drop after 23.05 - propagatedBuildInputs = - if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.05") then - "deps" - else - "propagatedBuildInputs"; -in -(makeSetupHook { +makeSetupHook { name = "sops-import-keys-hook"; substitutions = { gpg = "${gnupg}/bin/gpg"; }; - ${propagatedBuildInputs} = [ + propagatedBuildInputs = [ sops gnupg ]; -} ./sops-import-keys-hook.bash) +} ./sops-import-keys-hook.bash diff --git a/pkgs/sops-install-secrets/darwin.go b/pkgs/sops-install-secrets/darwin.go index 56359a4..0ec7c52 100644 --- a/pkgs/sops-install-secrets/darwin.go +++ b/pkgs/sops-install-secrets/darwin.go @@ -1,5 +1,4 @@ //go:build darwin -// +build darwin package main diff --git a/pkgs/sops-install-secrets/default.nix b/pkgs/sops-install-secrets/default.nix index 4860bd0..71f2489 100644 --- a/pkgs/sops-install-secrets/default.nix +++ b/pkgs/sops-install-secrets/default.nix @@ -1,11 +1,11 @@ { lib, - buildGo124Module, + buildGo125Module, stdenv, vendorHash, go, }: -buildGo124Module { +buildGo125Module { pname = "sops-install-secrets"; version = "0.0.1"; diff --git a/pkgs/sops-install-secrets/linux.go b/pkgs/sops-install-secrets/linux.go index 92ffd82..2e8175c 100644 --- a/pkgs/sops-install-secrets/linux.go +++ b/pkgs/sops-install-secrets/linux.go @@ -1,5 +1,4 @@ //go:build linux -// +build linux package main @@ -8,8 +7,8 @@ import ( "fmt" "os" - "golang.org/x/sys/unix" "github.com/moby/sys/mountinfo" + "golang.org/x/sys/unix" ) func RuntimeDir() (string, error) { diff --git a/pkgs/sops-install-secrets/main_test.go b/pkgs/sops-install-secrets/main_test.go index ef9355c..86c6726 100644 --- a/pkgs/sops-install-secrets/main_test.go +++ b/pkgs/sops-install-secrets/main_test.go @@ -1,5 +1,4 @@ //go:build linux || darwin -// +build linux darwin package main