feat: works with sysuser

fix: darwin compatible chore: reformat fix: infrec chore: clean logic Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
Merge pull request #187 from oddlama/main
2024-08-16 17:40:36 +03:00 · 2024-06-17 16:35:11 +00:00 · 2024-06-14 06:18:04 -07:00 · 2024-05-24 08:40:46 -06:00 · 2024-05-21 15:08:15 +02:00 · 2024-05-09 15:32:35 -06:00
4 changed files with 12 additions and 8 deletions
--- a/README.md
+++ b/README.md
@ -205,7 +205,7 @@ You can run the CLI tool ad-hoc without installing it:
 nix run github:ryantm/agenix -- --help
 ```

-But you can also add it permanently into a [NixOS module](https://nixos.wiki/wiki/NixOS_modules) 
+But you can also add it permanently into a [NixOS module](https://wiki.nixos.org/wiki/NixOS_modules)
 (replace system "x86_64-linux" with your system):

 ```nix
@ -445,7 +445,7 @@ Example:
 #### `age.secrets.<name>.symlink`

 `age.secrets.<name>.symlink` is a boolean. If true (the default),
-secrets are symlinked to `age.secrets.<name>.path`. If false, secerts
+secrets are symlinked to `age.secrets.<name>.path`. If false, secrets
 are copied to `age.secrets.<name>.path`. Usually, you want to keep
 this as true, because it secure cleanup of secrets no longer
 used. (The symlink will still be there, but it will be broken.) If
--- a/modules/age-home.nix
+++ b/modules/age-home.nix
@ -61,7 +61,7 @@ with lib; let

    ${optionalString secretType.symlink ''
      # shellcheck disable=SC2193,SC2050
-      [ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && ln -sfn "${cfg.secretsDir}/${secretType.name}" "${secretType.path}"
+      [ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && ln -sfT "${cfg.secretsDir}/${secretType.name}" "${secretType.path}"
    ''}
  '';

@ -76,7 +76,7 @@ with lib; let
    _agenix_generation="$(basename "$(readlink "${cfg.secretsDir}")" || echo 0)"
    (( ++_agenix_generation ))
    echo "[agenix] symlinking new secrets to ${cfg.secretsDir} (generation $_agenix_generation)..."
-    ln -sfn "${cfg.secretsMountPoint}/$_agenix_generation" "${cfg.secretsDir}"
+    ln -sfT "${cfg.secretsMountPoint}/$_agenix_generation" "${cfg.secretsDir}"

    (( _agenix_generation > 1 )) && {
    echo "[agenix] removing old secrets (generation $(( _agenix_generation - 1 )))..."
--- a/modules/age.nix
+++ b/modules/age.nix
@ -93,7 +93,7 @@ with lib; let
    mv -f "$TMP_FILE" "$_truePath"

    ${optionalString secretType.symlink ''
-      [ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && ln -sfn "${cfg.secretsDir}/${secretType.name}" "${secretType.path}"
+      [ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && ln -sfT "${cfg.secretsDir}/${secretType.name}" "${secretType.path}"
    ''}
  '';

@ -108,7 +108,7 @@ with lib; let
    _agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
    (( ++_agenix_generation ))
    echo "[agenix] symlinking new secrets to ${cfg.secretsDir} (generation $_agenix_generation)..."
-    ln -sfn "${cfg.secretsMountPoint}/$_agenix_generation" ${cfg.secretsDir}
+    ln -sfT "${cfg.secretsMountPoint}/$_agenix_generation" ${cfg.secretsDir}

    (( _agenix_generation > 1 )) && {
    echo "[agenix] removing old secrets (generation $(( _agenix_generation - 1 )))..."
--- a/pkgs/agenix.nix
+++ b/pkgs/agenix.nix
@ -30,9 +30,13 @@ in
      shellcheck ${bin}
      ${bin} -h | grep ${version}

-      HOME=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
+      test_tmp=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
+      export HOME="$test_tmp/home"
+      export NIX_STORE_DIR="$test_tmp/nix/store"
+      export NIX_STATE_DIR="$test_tmp/nix/var"
+      mkdir -p "$HOME" "$NIX_STORE_DIR" "$NIX_STATE_DIR"
      function cleanup {
-        rm -rf $HOME
+        rm -rf "$test_tmp"
      }
      trap "cleanup" 0 2 3 15
Author	SHA1	Message	Date
oluceps	49e52fce0b	feat: works with sysuser fix: darwin compatible chore: reformat fix: infrec chore: clean logic Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>	2024-06-17 16:35:11 +00:00
Ryan Mulligan	3a56735779	Merge pull request #187 from oddlama/main fix: always treat link destinations as files to ensure an error when the destination is a directory	2024-06-14 06:18:04 -07:00
Nathan Henrie	c2fc0762bb	Merge pull request #241 from sternenseemann/nix-2.3-install-check agenix: fix installCheckPhase with Nix 2.3	2024-05-24 08:40:46 -06:00
oddlama	08ed896eb6	fix: always treat link destinations as files to ensure error when destination is a directory. This can happen if for example a secret is used in the initrd, which materializes it as a directory, which then causes agenix to silently create an incorrect link when switching to stage2. This ensures that agenix will abort with an error.	2024-05-21 15:08:15 +02:00
Nathan Henrie	8d37c5bdea	Merge pull request #259 from hansemschnokeloch/patch-1 Fix typo	2024-05-09 15:32:35 -06:00
hansemschnokeloch	63a57d8dfb	Fix typo	2024-05-09 22:25:29 +02:00
Jörg Thalheim	07479c2e73	update link to nixos wiki (#258 )	2024-05-07 10:12:37 -07:00
sternenseemann	1746e4f5ec	agenix: fix installCheckPhase with Nix 2.3 As opposed to e.g. Nix 2.18, Nix 2.3 doesn't try to create a fallback store in $HOME if $NIX_STORE_DIR and $NIX_STATE_DIR aren't writable.	2024-02-01 13:30:22 +01:00