mirror of https://github.com/ryantm/agenix.git synced 2024-07-14 17:30:27 +03:00

Compare commits


4 Commits

Author SHA1 Message Date
Félinàun Chapeau
9d1235c097
Merge bc5eaf40ca into 3a56735779 2024-06-24 16:24:02 +00:00
Ryan Mulligan
3a56735779
Merge pull request #187 from oddlama/main
fix: always treat link destinations as files to ensure an error when the destination is a directory
2024-06-14 06:18:04 -07:00
oddlama
08ed896eb6
fix: always treat link destinations as files to ensure error when destination is a directory.
This can happen if for example a secret is used in the initrd, which
materializes it as a directory, which then causes agenix to silently
create an incorrect link when switching to stage2. This ensures that
agenix will abort with an error.
2024-05-21 15:08:15 +02:00
Félinàun Chapeau
bc5eaf40ca
Turn module into file path.
If a module is an attrset deduplicating imports does not work properly
and would lead to the module system complaining about redefining
options. Here is an example:

error: The option `age.identityPaths' in `/nix/store/wn50ysifrfp5qj5pp3jqpyvwh8ksz36y-source/machines/foo' is already declared in `/nix/store/wn50ysifrfp5qj5pp3jqpyvwh8ksz36y-source/common/ddclient/default.nix'.

when common/ddclient/default.nix and machines/foo/default.nix both contain:

{ ..., agenix, ... }: {
  imports = [
    agenix.nixosModules.age
  ];
}

Turning the module into a filepath fixes the issue.
2024-02-05 09:48:19 +01:00
3 changed files with 7 additions and 7 deletions


@ -23,13 +23,13 @@
}: let
eachSystem = nixpkgs.lib.genAttrs (import systems);
in {
nixosModules.age = import ./modules/age.nix;
nixosModules.age = ./modules/age.nix;
nixosModules.default = self.nixosModules.age;
darwinModules.age = import ./modules/age.nix;
darwinModules.age = ./modules/age.nix;
darwinModules.default = self.darwinModules.age;
homeManagerModules.age = import ./modules/age-home.nix;
homeManagerModules.age = ./modules/age-home.nix;
homeManagerModules.default = self.homeManagerModules.age;
overlays.default = import ./overlay.nix;
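Review bot: The three `*.age` outputs are now bare paths while `overlays.default` on the last line still uses `import`, and nothing in the file says the difference is deliberate. A short comment above `nixosModules.age` would stop someone from "fixing" the inconsistency later, for example `# Modules are exported as paths so repeated imports can be deduplicated by file; overlays must remain imported functions.` Any consumer that used `agenix.nixosModules.age` as a value rather than listing it in `imports` would now receive a path instead, which may deserve a changelog line. The attribute set continues outside the hunk.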


@ -61,7 +61,7 @@ with lib; let
${optionalString secretType.symlink ''
# shellcheck disable=SC2193,SC2050
[ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && ln -sfn "${cfg.secretsDir}/${secretType.name}" "${secretType.path}"
[ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && ln -sfT "${cfg.secretsDir}/${secretType.name}" "${secretType.path}"
''}
'';
@ -76,7 +76,7 @@ with lib; let
_agenix_generation="$(basename "$(readlink "${cfg.secretsDir}")" || echo 0)"
(( ++_agenix_generation ))
echo "[agenix] symlinking new secrets to ${cfg.secretsDir} (generation $_agenix_generation)..."
ln -sfn "${cfg.secretsMountPoint}/$_agenix_generation" "${cfg.secretsDir}"
ln -sfT "${cfg.secretsMountPoint}/$_agenix_generation" "${cfg.secretsDir}"
(( _agenix_generation > 1 )) && {
echo "[agenix] removing old secrets (generation $(( _agenix_generation - 1 )))..."
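Review bot: `-T` is a GNU coreutils option, and neither hunk shows which `ln` the generated script resolves, so on a host whose PATH supplies a BSD `ln` both `ln -sfT` calls would fail on every run instead of only when the destination is a directory. The flake section on this page exports `./modules/age.nix` for Darwin as well as NixOS, so if this section is that file it is worth confirming the Darwin activation environment, or invoking the coreutils binary by its store path. A comment above each call would also record the intent, for example `# -T: fail if the link path is an existing directory instead of creating the link inside it`. The same change appears twice more in the next file section. Both scripts start and end outside the hunks, so how a failing `ln` is surfaced to the user cannot be checked from here.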


@ -88,7 +88,7 @@ with lib; let
mv -f "$TMP_FILE" "$_truePath"
${optionalString secretType.symlink ''
[ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && ln -sfn "${cfg.secretsDir}/${secretType.name}" "${secretType.path}"
[ "${secretType.path}" != "${cfg.secretsDir}/${secretType.name}" ] && ln -sfT "${cfg.secretsDir}/${secretType.name}" "${secretType.path}"
''}
'';
@ -103,7 +103,7 @@ with lib; let
_agenix_generation="$(basename "$(readlink ${cfg.secretsDir})" || echo 0)"
(( ++_agenix_generation ))
echo "[agenix] symlinking new secrets to ${cfg.secretsDir} (generation $_agenix_generation)..."
ln -sfn "${cfg.secretsMountPoint}/$_agenix_generation" ${cfg.secretsDir}
ln -sfT "${cfg.secretsMountPoint}/$_agenix_generation" ${cfg.secretsDir}
(( _agenix_generation > 1 )) && {
echo "[agenix] removing old secrets (generation $(( _agenix_generation - 1 )))..."
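Review bot: The changed `ln -sfT` line in the second hunk passes `${cfg.secretsDir}` unquoted, as does the `readlink` call at the top of that hunk, whereas the previous file section quotes both. A secrets directory containing whitespace or glob characters would be word-split by the shell, so the link could be created somewhere other than intended. Quoting would match the sibling module: `ln -sfT "${cfg.secretsMountPoint}/$_agenix_generation" "${cfg.secretsDir}"` and `readlink "${cfg.secretsDir}"`. The surrounding script continues outside the hunk.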