Commit graph

1134 commits

Author SHA1 Message Date
Sandro
17eea6f381
Merge pull request #903 from quantenzitrone/fix-string-escapes
sops-install-secrets: fix broken string escape
2026-02-03 20:11:21 +01:00
quantenzitrone
487e26b164
sops-install-secrets: fix broken string escape 2026-02-03 11:40:06 +01:00
Jörg Thalheim
f990b0a334
Merge pull request #891 from ananthb/fix/darwin-launchagent-path
fix(home-manager): ensure system paths in LaunchAgent PATH on Darwin
2026-02-03 10:18:38 +01:00
Ananth Bhaskararaman
134db5744b fix(home-manager): ensure system paths in LaunchAgent PATH on Darwin
The LaunchAgent on macOS failed when no age plugins were configured
because PATH was empty, causing sops-install-secrets to fail finding
'getconf' at /usr/bin/getconf.

Fixes #890
2026-02-03 10:17:04 +01:00
github-actions[bot]
1e89149dcf
Merge pull request #902 from Mic92/create-pull-request/patch
Update flakes
2026-02-01 04:54:39 +00:00
Mic92
4ee85fd258 [create-pull-request] automated change 2026-02-01 04:53:03 +00:00
github-actions[bot]
c5eebd4eb2
Merge pull request #901 from Mic92/dependabot/go_modules/golang.org/x/crypto-0.47.0
Bump golang.org/x/crypto from 0.46.0 to 0.47.0
2026-01-26 23:23:49 +00:00
dependabot[bot]
c97a8b4934 update vendorHash 2026-01-26 23:18:01 +00:00
dependabot[bot]
4d94b644a9
Bump golang.org/x/crypto from 0.46.0 to 0.47.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.46.0 to 0.47.0.
- [Commits](https://github.com/golang/crypto/compare/v0.46.0...v0.47.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-26 23:16:46 +00:00
github-actions[bot]
2eb9eed7ef
Merge pull request #900 from Mic92/create-pull-request/patch
Update flakes
2026-01-25 04:12:13 +00:00
Mic92
8a1e706892 [create-pull-request] automated change 2026-01-25 04:08:08 +00:00
github-actions[bot]
c7067be8db
Merge pull request #899 from Mic92/dependabot/go_modules/golang.org/x/sys-0.40.0
Bump golang.org/x/sys from 0.39.0 to 0.40.0
2026-01-19 23:00:06 +00:00
dependabot[bot]
613af04db5 update vendorHash 2026-01-19 22:54:28 +00:00
dependabot[bot]
8d107b5a17
Bump golang.org/x/sys from 0.39.0 to 0.40.0
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.39.0 to 0.40.0.
- [Commits](https://github.com/golang/sys/compare/v0.39.0...v0.40.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-19 22:53:14 +00:00
github-actions[bot]
5e8fae8072
Merge pull request #898 from Mic92/create-pull-request/patch
Update flakes
2026-01-18 04:07:35 +00:00
Mic92
4eddd88de6 [create-pull-request] automated change 2026-01-18 04:00:03 +00:00
Jörg Thalheim
e085e303df
Merge pull request #895 from Mic92/SuperSandro2000-patch-2
Update key option description
2026-01-15 13:48:11 +01:00
Sandro
5abd6a4f04
Update key option description 2026-01-15 13:36:35 +01:00
github-actions[bot]
691b8b6713
Merge pull request #894 from Mic92/dependabot/go_modules/gopkg.in/ini.v1-1.67.1
Bump gopkg.in/ini.v1 from 1.67.0 to 1.67.1
2026-01-13 02:35:04 +00:00
dependabot[bot]
241456f395 update vendorHash 2026-01-13 02:29:36 +00:00
dependabot[bot]
48cd0a425d
Bump gopkg.in/ini.v1 from 1.67.0 to 1.67.1
Bumps gopkg.in/ini.v1 from 1.67.0 to 1.67.1.

---
updated-dependencies:
- dependency-name: gopkg.in/ini.v1
  dependency-version: 1.67.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-13 02:28:21 +00:00
github-actions[bot]
94f9cbd20f
Merge pull request #889 from Mic92/create-pull-request/patch
Update flakes
2026-01-11 04:07:51 +00:00
Mic92
452dcb736a [create-pull-request] automated change 2026-01-11 04:04:44 +00:00
Jörg Thalheim
a8cfe238b9
Merge pull request #781 from NovaViper/age-plugin
feat: add age plugin support, take 2
2026-01-10 09:06:29 +01:00
NovaViper
899e202643 feat: add age plugin and fido2 hmac support
Co-authored-by: brianmcgee <brian@41north.dev>
2026-01-10 09:04:48 +01:00
Jörg Thalheim
d7593b87b0
Merge pull request #888 from Mic92/FabrizioRomanoGenovese-master
gnupg: add package option to allow custom gnupg versions
2026-01-10 08:53:55 +01:00
Jörg Thalheim
45115f12ae add cache.thalheim.io in ci 2026-01-10 08:53:08 +01:00
Jörg Thalheim
0809aa0ae7 unit-test: convert to shell app
I saw the exit status in ci was actually ignored.
2026-01-10 08:53:08 +01:00
Fabrizio Romano Genovese
39c667d73c gnupg: add package option to allow custom gnupg versions
Add sops.gnupg.package option to NixOS, home-manager, and nix-darwin
modules, allowing users to specify a custom gnupg package instead of
the default pkgs.gnupg.

This enables use of bleeding-edge GPG versions with post-quantum
encryption algorithms like Kyber, addressing "store now, decrypt
later" threat models.
2026-01-10 08:53:08 +01:00
Jörg Thalheim
57e2d9ef84
Merge pull request #882 from nazarewk/push-qqvmsowmnqtx
sops-install-secrets: create /run/secrets link before chowning it
2026-01-10 08:40:03 +01:00
Krzysztof Nazarewski
2dd505705c sops-install-secrets: create /run/secrets link before chowning it
fixes https://github.com/Mic92/sops-nix/issues/881
2026-01-10 08:34:57 +01:00
Jörg Thalheim
ea3adcb6d2
Merge pull request #886 from Mic92/SuperSandro2000-patch-2
Remove plain annoying toolchain directive
2026-01-07 22:54:51 +00:00
Sandro
cadaac2e78
Remove plain annoying toolchain directive 2026-01-07 23:35:01 +01:00
github-actions[bot]
ecc4150594
Merge pull request #884 from Mic92/create-pull-request/patch
Update flakes
2026-01-04 04:10:57 +00:00
Mic92
ba5820559b [create-pull-request] automated change 2026-01-04 04:05:17 +00:00
github-actions[bot]
61b39c7b65
Merge pull request #880 from Mic92/create-pull-request/patch
Update flakes
2025-12-28 04:08:25 +00:00
Mic92
cce6d82405 [create-pull-request] automated change 2025-12-28 04:01:59 +00:00
github-actions[bot]
9836912e37
Merge pull request #878 from Mic92/create-pull-request/patch
Update flakes
2025-12-21 03:59:35 +00:00
Mic92
1a65e3368e [create-pull-request] automated change 2025-12-21 03:52:39 +00:00
github-actions[bot]
443a7f2e7e
Merge pull request #875 from Mic92/dependabot/github_actions/peter-evans/create-pull-request-8
Bump peter-evans/create-pull-request from 7 to 8
2025-12-15 22:02:53 +00:00
dependabot[bot]
e5eee58ef0
Bump peter-evans/create-pull-request from 7 to 8
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7 to 8.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v7...v8)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-15 22:00:55 +00:00
github-actions[bot]
94d8af61d8
Merge pull request #873 from Mic92/create-pull-request/patch
Update flakes
2025-12-14 04:00:37 +00:00
Mic92
a46c7caf5f [create-pull-request] automated change 2025-12-14 03:52:04 +00:00
Jörg Thalheim
496a6f625f
Merge pull request #866 from gumball76/master
README: fix Home Manager Systemd unit configuration
2025-12-12 16:27:06 +01:00
gumball76
207df45fb4 README: fix Home Manager Systemd unit configuration
Since Home Manager relies on the naming scheme used by Systemd, the
current way to set a dependent service defined in the README fails as
Systemd doesn't support it.
2025-12-12 16:23:57 +01:00
Jörg Thalheim
5745e46834
Merge pull request #871 from Ma27/fix-systemd-service-ordering
modules/sops: re-run sops-install-secrets.service at sysinit-reactivation.target
2025-12-12 16:23:38 +01:00
Maximilian Bosch
645fa1c3ef
modules/sops: re-run sops-install-secrets.service at sysinit-reactivation.target
Consider the following case: a service (`gitlab-runner.service` in this case) gets
a new secret that is installed via sops and will be reloaded on a switch. Right
now this would fail like this:

    machine | updating GRUB 2 menu...
    machine | stopping the following units: sops-install-secrets.service
    machine | activating the configuration...
    machine | setting up /etc...
    [...]
    machine | restarting sysinit-reactivation.target
    machine | reloading the following units: dbus-broker.service, gitlab-runner.service
    machine | restarting the following units: polkit.service
    machine | starting the following units: sops-install-secrets.service

Here, the reload happens _before_ running `sops-install-secrets.service`
which means that the newly added secret doesn't exist yet and thus the
reload fails.

This change makes sure the service is started when running
`sysinit-reactivation.target`, i.e. before stc-ng reloads other
services. This is what sysusers already does, so the objective of
running after sysusers is still met.

Also, added an `After=userborn.service` to make sure it's also ordered
after userborn if necessary.

Thank you WilliButz for reminding me that `sysinit-reactivation.target`
exists and is most likely the culprit of that!
2025-12-11 11:56:01 +01:00
github-actions[bot]
7fd1416aba
Merge pull request #870 from Mic92/dependabot/go_modules/golang.org/x/crypto-0.46.0
Bump golang.org/x/crypto from 0.45.0 to 0.46.0
2025-12-08 22:08:38 +00:00
dependabot[bot]
215ba65333 update vendorHash 2025-12-08 22:02:51 +00:00
dependabot[bot]
0c1d819913
Bump golang.org/x/crypto from 0.45.0 to 0.46.0
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.45.0 to 0.46.0.
- [Commits](https://github.com/golang/crypto/compare/v0.45.0...v0.46.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-08 22:01:27 +00:00