Commit graph

925 commits

Author SHA1 Message Date
Jörg Thalheim
a43bb04209 fix vendor hash 2024-11-24 18:29:59 +01:00
Jörg Thalheim
b93e7c42ee default.nix: don't use rec 2024-11-24 18:29:59 +01:00
Jörg Thalheim
915b7c3c0e move lint and cross-build to flake.nix 2024-11-24 18:29:59 +01:00
Jörg Thalheim
563411a342 unit-test: pass in sops-install-secrets via callPackage 2024-11-24 18:29:59 +01:00
Jörg Thalheim
1674c94dc0 enable more golangci-lint checks 2024-11-24 18:29:59 +01:00
Jörg Thalheim
a2b11a4b86 ignore recvcheck lint for FormatType 2024-11-24 18:29:59 +01:00
Jörg Thalheim
c4a672fdec importAgeSSHKeys never returns an error 2024-11-24 18:29:59 +01:00
Jörg Thalheim
035bd53bb7 avoid various type conversions i.e. int -> uint32 2024-11-24 18:29:59 +01:00
Jörg Thalheim
17bc7838d8 use switch case where possible 2024-11-24 16:55:22 +01:00
Jörg Thalheim
fa1c48a0c0 check for is dry activation in one place 2024-11-24 16:55:22 +01:00
Jörg Thalheim
35a86416aa always check for errors on type casting 2024-11-24 16:55:22 +01:00
Jörg Thalheim
1f66022025 don't use named returns 2024-11-24 16:55:22 +01:00
Jörg Thalheim
fc20a8fdf9 add newlines before return 2024-11-24 16:55:22 +01:00
Jörg Thalheim
1b8016259b don't capitalize errors 2024-11-24 16:55:22 +01:00
Jörg Thalheim
3e7cba9a38 wrap all external errors 2024-11-24 16:55:22 +01:00
Jörg Thalheim
d1b8b2a00a fix wsl lints 2024-11-24 15:39:10 +01:00
Jörg Thalheim
4bc1bfdec2 tests: avoid type shadowing 2024-11-24 15:39:10 +01:00
Jörg Thalheim
14753257fb tests: avoid sprint for simple string concatenation 2024-11-24 15:39:10 +01:00
Jörg Thalheim
f57a556af4 apply golangci-lints 2024-11-24 15:39:10 +01:00
Jörg Thalheim
d5e0983eb9 tests: move NOBODY/NOGROUP into a constant 2024-11-24 15:39:10 +01:00
Jörg Thalheim
582b2a8300 remove space before nolint 2024-11-24 15:39:10 +01:00
Jörg Thalheim
4d5d1b7559 fix wsl lints 2024-11-24 15:39:10 +01:00
Jörg Thalheim
975c685308 unittest: set t.Helper() and t.Parallel() 2024-11-24 15:39:10 +01:00
Jörg Thalheim
ae893d14fb hook_test: fix linter errors 2024-11-24 15:39:10 +01:00
Jörg Thalheim
3ba597a5e6 remove sops-pgp-hook 2024-11-24 15:39:10 +01:00
Jörg Thalheim
9190dee408 sops-pgp-hook: set parallel and helper 2024-11-24 15:39:10 +01:00
Jörg Thalheim
15541d542b bump go version to 1.22 2024-11-24 15:39:10 +01:00
Jörg Thalheim
887d4b7322 enable gofumpt 2024-11-24 15:39:10 +01:00
Jörg Thalheim
a33e8cc43f enable shellcheck 2024-11-24 15:39:10 +01:00
Jörg Thalheim
7b60015dd5 reformat with treefmt 2024-11-24 15:39:10 +01:00
Jörg Thalheim
76aa784427 delete duplicate shell.nix 2024-11-24 15:39:10 +01:00
Jörg Thalheim
5d6bbabd23 add treefmt 2024-11-24 15:39:10 +01:00
Mergify
53c853fb1a ci(mergify): upgrade configuration to current format 2024-11-21 11:49:09 +01:00
Jared Baur
e39947d0ee allow for missing switch-to-configuration directory
NixOS' switch-to-configuration program creates the /run/nixos directory,
which may not be present if `system.switch.enable` is `false`.
2024-11-18 18:23:53 +00:00
Jörg Thalheim
472741cf3f fix eval of tests (#674) 2024-11-17 16:51:52 +00:00
Jörg Thalheim
0ec0d5d3c5 remove obsolete sops-pgp-hook alias 2024-11-17 15:33:42 +01:00
Jörg Thalheim
799b572ef1 move checks out of pkgs 2024-11-17 15:33:42 +01:00
Jörg Thalheim
420737291e load devshell from flake 2024-11-17 15:33:42 +01:00
Jörg Thalheim
793c07f331 nix-darwin: fix shellcheck warning of activation script 2024-11-17 14:41:25 +01:00
Jörg Thalheim
1c75c1c13a fix darwin evaluation 2024-11-17 14:41:25 +01:00
Jörg Thalheim
fe6a1bb922 add home-manager and sops-nix to ci 2024-11-17 14:41:25 +01:00
Jörg Thalheim
dfcebb55c8 only export nixos tests on Linux 2024-11-17 13:20:58 +01:00
Jörg Thalheim
5f3869dfd2 update github action to also update private flake 2024-11-17 13:20:58 +01:00
Jörg Thalheim
7769727634 move nixpkgs-stable to private flake inputs
now with home-manager and nix-darwin tests, we don't want to increase
the number of dependencies a user has to override in their flake.lock.
2024-11-17 13:20:58 +01:00
Jörg Thalheim
d76a2f002f nix-darwin: remove unused variable 2024-11-17 13:20:58 +01:00
Jörg Thalheim
6b85086bcc reformat code base with nixfmt 2024-11-17 12:22:59 +01:00
Jörg Thalheim
b05bdb2650 nix-darwin: fix evaluation with templates 2024-11-17 11:10:46 +00:00
Jörg Thalheim
a7b8f0feb7 define templates for home-manager 2024-11-17 11:06:56 +00:00
Jeremy Fleischman
eee831aadb Do not render templates when decrypting neededForUsers secrets
This fixes https://github.com/Mic92/sops-nix/issues/659

In https://github.com/Mic92/sops-nix/pull/649, we started rendering
templates twice:

1. When rendering `neededForUsers` secrets (if there are any
   `neededForUsers` secrets).
2. When decrypting "regular" secrets.

This alone was weird and wrong, but didn't cause issues
for people until https://github.com/Mic92/sops-nix/pull/655, which
triggered https://github.com/Mic92/sops-nix/issues/659. The cause is not
super obvious:

1. When rendering `neededForUsers` secrets, we'd generate templates in
   `/run/secrets-for-users/rendered`.
2. However, the `path` for these templates is in
   `/run/secrets/rendered`, which is not inside of the
   `/run/secrets-for-users` directory we're dealing with, so we'd
   generate a symlink from `/run/secrets/rendered/<foo>` to
   `/run/secrets-for-users/rendered/<foo>`, which required making
   the parent directory of the symlink (`/run/secrets/rendered/`).
3. This breaks sops-nix's assumption that `/run/secrets` either doesn't
   exist, or is a symlink, and you get the symptoms described in
   <https://github.com/Mic92/sops-nix/issues/659>.

Reproducing this in a test was straightforward: just expand our existing
template test to also have a `neededForUsers` secret.

Fixing this was also straightforward: don't render templates during the
`neededForUsers` phase (if we want to add support for `neededForUsers`
templates in the future, that would be straightforward to do, but I
opted not to do that here).
2024-11-17 06:19:41 +00:00
sops-nix-bot
47fc1d8c72 flake.lock: Update (#658)
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/2d2a9ddbe3f2c00747398f3dc9b05f7f2ebb0f53?narHash=sha256-B5WRZYsRlJgwVHIV6DvidFN7VX7Fg9uuwkRW9Ha8z%2Bw%3D' (2024-10-30)
  → 'github:NixOS/nixpkgs/c69a9bffbecde46b4b939465422ddc59493d3e4d?narHash=sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk%3D' (2024-11-16)
• Updated input 'nixpkgs-stable':
    'github:NixOS/nixpkgs/3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c?narHash=sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY%3D' (2024-11-03)
  → 'github:NixOS/nixpkgs/e8c38b73aeb218e27163376a2d617e61a2ad9b59?narHash=sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g%3D' (2024-11-16)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2024-11-17 03:30:39 +00:00