RGBCube/agenix
1
Fork 0
mirror of https://github.com/RGBCube/agenix synced 2025-07-28 17:27:45 +00:00
Code Issues Activity Actions

Merge branch 'master' of github.com:ryantm/age-nix into master

Browse source
This commit is contained in:
Ryan Mulligan 2020-11-20 17:55:23 -08:00
commit baf623214b
5 changed files with 77 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

5
modules/age.nix
View file

@ -4,6 +4,9 @@ with lib;
let
cfg = config.age;
rage = pkgs.callPackage ../pkgs/rage.nix {};
ageBin = "${rage}/bin/rage";
users = config.users.users;
identities = builtins.concatStringsSep " " (map (path: "-i ${path}") cfg.sshKeyPaths);
@ -11,7 +14,7 @@ let
echo "decrypting ${secretType.file} to ${secretType.path}..."
TMP_FILE="${secretType.path}.tmp"
mkdir -p $(dirname ${secretType.path})
(umask 0400; ${pkgs.age}/bin/age --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
(umask 0400; ${ageBin} --decrypt ${identities} -o "$TMP_FILE" "${secretType.file}")
chmod ${secretType.mode} "$TMP_FILE"
chown ${secretType.owner}:${secretType.group} "$TMP_FILE"
mv -f "$TMP_FILE" '${secretType.path}'