dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/containers: Fix agenix being broken with no dev key

Browse Source
This commit is contained in:
Jack O'Sullivan
2022-06-11 01:33:56 +01:00
parent 106698b53e
commit 58b2c6d8c5
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/modules/containers.nix
View File

@@ -265,6 +265,7 @@ in
};
# age requires all keys to at least exist, even if they're not going to be used
agenixMountSecrets.deps = [ "ensureDevKey" ];
ensureDevKey.text =
''
[ ! -e "${devVMKeyPath}" ] && touch "${devVMKeyPath}"

2
nixos/modules/secrets.nix
View File

@@ -26,7 +26,7 @@ in
# Use the persit dir to grab the keys instead, otherwise they might not be ready. We can't really make
# agenix depend on impermanence, since users depends on agenix (to decrypt passwords) and impermanence
# depends on users
(e: let pDir = config.my.tmproot.persistence.dir; in if pDir != null then "${pDir}/${e.path}" else e.path)
(e: let pDir = config.my.tmproot.persistence.dir; in if pDir != null then "${pDir}${e.path}" else e.path)
(lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys));
};
}