pkg/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2025-12-26 22:24:59 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix documentation and assertions for age.keyFile

Browse source
This commit is contained in:
Jörg Thalheim 2021-09-30 06:59:08 +02:00
parent c5e0f55d8d
commit e0e57da497
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
modules/sops/default.nix
View file

@ -190,8 +190,11 @@ in {
];
config = mkIf (cfg.secrets != {}) {
assertions = [{
assertion = (cfg.age.keyFile == null && cfg.age.sshKeyPaths == []) -> (cfg.gnupg.home == null) != (cfg.gnupg.sshKeyPaths == []);
message = "Exactly one of sops.gnupg.home and sops.gnupg.sshKeyPaths must be set for gnupg mode";
assertion = cfg.gnupg.home != null || cfg.gnupg.sshKeyPaths != [] || cfg.age.keyFile != null || cfg.age.sshKeyPaths != [];
message = "No key source configurated for sops";
} {
assertion = !(cfg.gnupg.home != null && cfg.gnupg.sshKeyPaths != []);
message = "Exactly one of sops.gnupg.home and sops.gnupg.sshKeyPaths must be set";
}] ++ optionals cfg.validateSopsFiles (
concatLists (mapAttrsToList (name: secret: [{
assertion = builtins.pathExists secret.sopsFile;