feat: switch from rage to age

Why === * Someone said age works better with password protected keys, requiring entering the password less often. * We switched to rage from age in 07ce686870 because it was limiting recipients to 20. This was fixed https://github.com/FiloSottile/age/issues/139 What changed === * Switch from rage back to age (the reference implementation) in all the spots * Update the docs to show how to switch back to Rage * Skip keys that are empty files, which fixes the integration test.
2025-07-28 17:27:45 +00:00 · 2023-12-20 13:13:47 -08:00 · 2023-12-20 13:13:47 -08:00 · 5c1198a352
commit 5c1198a352
parent 9bc80dc4ce
6 changed files with 13 additions and 12 deletions
--- a/modules/age-home.nix
+++ b/modules/age-home.nix
@ -155,7 +155,7 @@ with lib; let
    '';
 in {
  options.age = {
-    package = mkPackageOption pkgs "rage" {};
+    package = mkPackageOption pkgs "age" {};

    secrets = mkOption {
      type = types.attrsOf secretType;
--- a/modules/age.nix
+++ b/modules/age.nix
@ -69,6 +69,7 @@ with lib; let
    IDENTITIES=()
    for identity in ${toString cfg.identityPaths}; do
      test -r "$identity" || continue
+      test -s "$identity" || continue
      IDENTITIES+=(-i)
      IDENTITIES+=("$identity")
    done
@ -189,9 +190,9 @@ in {
  options.age = {
    ageBin = mkOption {
      type = types.str;
-      default = "${pkgs.rage}/bin/rage";
+      default = "${pkgs.age}/bin/age";
      defaultText = literalExpression ''
-        "''${pkgs.rage}/bin/rage"
+        "''${pkgs.age}/bin/age"
      '';
      description = ''
        The age executable to use.