mirror of https://github.com/RGBCube/agenix synced 2025-07-29 17:57:45 +00:00

use unstable version of rage in place of age

* age limits the number of recipients to 20
* the latest release of rage (0.4.0) doesn't work with ssh-rsa keys
Ryan Mulligan 2020-09-18 11:59:01 -07:00
parent d2dc883f3a
commit 07ce686870
5 changed files with 74 additions and 19 deletions


@ -4,12 +4,15 @@ with lib;
let
cfg = config.age;
rage = pkgs.callPackage ../pkgs/rage.nix {};
ageBin = "${rage}/bin/rage";
users = config.users.users;
identities = builtins.concatStringsSep " " (map (path: "-i ${path}") cfg.sshKeyPaths);
installSecret = secretType: ''
TMP_FILE="${secretType.path}.tmp"
(umask 0400; ${pkgs.age}/bin/age --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
(umask 0400; ${ageBin} --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
chmod ${secretType.mode} "$TMP_FILE"
chown ${secretType.owner}:${secretType.group} "$TMP_FILE"
mv -f "$TMP_FILE" '${secretType.path}'