Skip to content

Commit

Permalink
Merge pull request #230 from ryantm/rtm-12-20-age
Browse files Browse the repository at this point in the history
feat: switch from rage to age
  • Loading branch information
ryantm authored Dec 23, 2023
2 parents 9bc80dc + 6ce42cc commit 457669d
Show file tree
Hide file tree
Showing 9 changed files with 41 additions and 29 deletions.
20 changes: 14 additions & 6 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,21 +15,29 @@ jobs:
- run: nix fmt . -- --check
- run: nix flake check
tests-darwin:
runs-on: macos-11
runs-on: macos-12
steps:
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v22
- uses: cachix/install-nix-action@v24
with:
extra_nix_config: "system-features = nixos-test benchmark big-parallel kvm"
extra_nix_config: |
system-features = nixos-test recursive-nix benchmark big-parallel kvm
extra-experimental-features = recursive-nix nix-command flakes
- run: nix build
- run: nix build .#doc
- run: nix fmt . -- --check
- run: nix flake check
- name: "Install nix-darwin module"
run: |
system=$(nix build --no-link --print-out-paths .#checks.x86_64-darwin.integration)
${system}/activate-user
sudo ${system}/activate
# https://github.com/ryantm/agenix/pull/230#issuecomment-1867025385
sudo mv /etc/nix/nix.conf{,.bak}
nix \
--extra-experimental-features 'nix-command flakes' \
build .#checks.x86_64-darwin.integration
./result/activate-user
sudo ./result/activate
- name: "Test nix-darwin module"
run: |
sudo /run/current-system/sw/bin/agenix-integration
Expand Down
10 changes: 5 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ All files in the Nix store are readable by any system user, so it is not a suita

## Notices

* Password-protected ssh keys: since the underlying tool age/rage do not support ssh-agent, password-protected ssh keys do not work well. For example, if you need to rekey 20 secrets you will have to enter your password 20 times.
* Password-protected ssh keys: since age does not support ssh-agent, password-protected ssh keys do not work well. For example, if you need to rekey 20 secrets you will have to enter your password 20 times.

## Installation

Expand Down Expand Up @@ -487,7 +487,7 @@ Example of a secret with a name different from its attrpath:
#### `age.ageBin`

`age.ageBin` the string of the path to the `age` binary. Usually, you
don't need to change this. Defaults to `rage/bin/rage`.
don't need to change this. Defaults to `age/bin/age`.

Overriding `age.ageBin` example:

Expand Down Expand Up @@ -587,13 +587,13 @@ improved upon by reading the identities from the age file.)

#### Overriding age binary

The agenix CLI uses `rage` by default as its age implemenation, you
can use the reference implementation `age` with Flakes like this:
The agenix CLI uses `age` by default as its age implemenation, you
can use the `rage` implementation with Flakes like this:

```nix
{pkgs,agenix,...}:{
environment.systemPackages = [
(agenix.packages.x86_64-linux.default.override { ageBin = "${pkgs.age}/bin/age"; })
(agenix.packages.x86_64-linux.default.override { ageBin = "${pkgs.rage}/bin/rage"; })
];
}
```
Expand Down
2 changes: 1 addition & 1 deletion doc/notices.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
# Notices {#notices}

* Password-protected ssh keys: since the underlying tool age/rage do not support ssh-agent, password-protected ssh keys do not work well. For example, if you need to rekey 20 secrets you will have to enter your password 20 times.
* Password-protected ssh keys: since age does not support ssh-agent, password-protected ssh keys do not work well. For example, if you need to rekey 20 secrets you will have to enter your password 20 times.
2 changes: 1 addition & 1 deletion doc/reference.md
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ Example of a secret with a name different from its attrpath:
### `age.ageBin`

`age.ageBin` the string of the path to the `age` binary. Usually, you
don't need to change this. Defaults to `rage/bin/rage`.
don't need to change this. Defaults to `age/bin/age`.

Overriding `age.ageBin` example:

Expand Down
18 changes: 9 additions & 9 deletions flake.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 5 additions & 2 deletions flake.nix
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@

packages = eachSystem (system: {
agenix = nixpkgs.legacyPackages.${system}.callPackage ./pkgs/agenix.nix {};
doc = nixpkgs.legacyPackages.${system}.callPackage ./pkgs/doc.nix {};
doc = nixpkgs.legacyPackages.${system}.callPackage ./pkgs/doc.nix {inherit self;};
default = self.packages.${system}.agenix;
});

Expand All @@ -49,7 +49,10 @@
inherit system;
modules = [
./test/integration_darwin.nix
"${darwin.outPath}/pkgs/darwin-installer/installer.nix"

# Allow new-style nix commands in CI
{nix.extraOptions = "experimental-features = nix-command flakes";}

home-manager.darwinModules.home-manager
{
home-manager = {
Expand Down
2 changes: 1 addition & 1 deletion modules/age-home.nix
Original file line number Diff line number Diff line change
Expand Up @@ -155,7 +155,7 @@ with lib; let
'';
in {
options.age = {
package = mkPackageOption pkgs "rage" {};
package = mkPackageOption pkgs "age" {};

secrets = mkOption {
type = types.attrsOf secretType;
Expand Down
5 changes: 3 additions & 2 deletions modules/age.nix
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@ with lib; let
IDENTITIES=()
for identity in ${toString cfg.identityPaths}; do
test -r "$identity" || continue
test -s "$identity" || continue
IDENTITIES+=(-i)
IDENTITIES+=("$identity")
done
Expand Down Expand Up @@ -189,9 +190,9 @@ in {
options.age = {
ageBin = mkOption {
type = types.str;
default = "${pkgs.rage}/bin/rage";
default = "${pkgs.age}/bin/age";
defaultText = literalExpression ''
"''${pkgs.rage}/bin/rage"
"''${pkgs.age}/bin/age"
'';
description = ''
The age executable to use.
Expand Down
4 changes: 2 additions & 2 deletions pkgs/agenix.nix
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
{
lib,
stdenv,
rage,
age,
jq,
nix,
mktemp,
diffutils,
substituteAll,
ageBin ? "${rage}/bin/rage",
ageBin ? "${age}/bin/age",
shellcheck,
}:
stdenv.mkDerivation rec {
Expand Down

0 comments on commit 457669d

Please sign in to comment.