path: root/modules/secrets/default.nix
Commit message | Author | Age | Files | Lines
* modules/secrets: use age keys for agenix' identity | Franck Cuny | 2023-03-10 | 1 | -2/+5
    I'll re-key all my secrets with age keys instead of using ssh keys. This change is to specify the path for the identities when agenix decrypts the secrets.
* fix(modules/secrets): call correct function for group | Franck Cuny | 2022-08-06 | 1 | -2/+3
    The function `groupExists` returns a boolean; what we want is `groupIfExists`, which returns the actual name of the group.
    Change-Id: I7db50066e13932dd617ffccb9dae40ecb1d383a5
    Reviewed-on: https://cl.fcuny.net/c/world/+/701
    Tested-by: CI
    Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(modules/secrets): call correct function for group validation | Franck Cuny | 2022-07-20 | 1 | -1/+1
    Change-Id: I84deb43c422668719157a5027e8dbea9a1ec92cf
    Reviewed-on: https://cl.fcuny.net/c/world/+/662
    Tested-by: CI
    Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(modules/secrets): set correctly all possible attributes | Franck Cuny | 2022-07-20 | 1 | -5/+10
    Secrets can have multiple attributes: the owner, group, mode and path.
    So far, we were setting the file (path where it should be read from), the owner (if it exists), the group (if it exists) and the mode. The attribute 'path' was not propagated correctly.
    We now check for all these attributes (as optional) and if they exist we set them. We still validate that the user and group exist before setting them.
    Change-Id: Ifeccf2ee9d0acd17a3cd05de8d08968cea49550b
    Reviewed-on: https://cl.fcuny.net/c/world/+/641
    Tested-by: CI
    Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(fmt): correct formatting for all nix files | Franck Cuny | 2022-06-10 | 1 | -20/+23
    This was done by running `nixpkgs-fmt .`.
    Change-Id: I4ea6c1e759bf468d08074be2111cbc7af72df295
    Reviewed-on: https://cl.fcuny.net/c/world/+/404
    Tested-by: CI
    Reviewed-by: Franck Cuny <franck@fcuny.net>
* fix(secrets): pass group and mode to agenix | Franck Cuny | 2022-06-04 | 1 | -2/+8
    It took me a while to understand why the group and mode were not set correctly for the buildkite agent secrets.
    This module is an abstraction on top of agenix to modify the filename and ensure that the owner of the file is actually defined in the configuration. This was not passing the group and mode to agenix, which is why these values were never set.
    This change modifies the library to check that the group exists (as we do for the user), and pass the mode down.
    Change-Id: I7f8545868986110ad92fa63ef8efe4cd3bbd9b0f
    Reviewed-on: https://cl.fcuny.net/c/world/+/282
    Reviewed-by: Franck Cuny <franck@fcuny.net>
* secrets: we can specify which user owns it | Franck Cuny | 2022-04-13 | 1 | -2/+7
* secrets: move the actual secrets with hosts config | Franck Cuny | 2022-04-13 | 1 | -11/+12
    Having the secrets closer to the host is easier to manage. At the moment I don't have secrets that are shared across multiple hosts, so that's an OK approach.
* secrets: fix the path to the ssh key | Franck Cuny | 2022-04-13 | 1 | -4/+3
* secrets: load ssh key only if it exists | Franck Cuny | 2022-04-13 | 1 | -1/+1
* secrets: move all the secrets under module/ | Franck Cuny | 2022-04-10 | 1 | -0/+24
    Refactor a bit the configuration, which should simplify the management and usage of secrets from now on.