Fixes #23 by adding the path at age.rekey.generatedSecretsDir only as a deletion candidate if it is not null.
I have done some basic validation that secret generation and orphan removal with age.rekey.generatedSecretsDir set to a sensible value still results in the expected behavior. However, as I usually don't really have an advanced use case of this as a test bed, some more testing might be a good idea.
Also fixes another unhelpful error message similar to the one in #23. Before, when running agenix generate with a secret that has generators set, but not rekeyFile, would result in the same basic error message:
error: Cannot generate as it isn't a direct subpath of the flake directory /nix/store/h9fl1a96wgcsfp4qd7hqnqczi2zp8xva-source, meaning this script cannot determine its true origin!
This seems to happen because the module asserts at ./modules/agenix-rekey.nix appear to be sidestepped when running agenix generate. Therefore, we replicate the module-level assert in ./apps/generate.nix.
Fixes #23 by adding the path at
age.rekey.generatedSecretsDir
only as a deletion candidate if it is notnull
.I have done some basic validation that secret generation and orphan removal with
age.rekey.generatedSecretsDir
set to a sensible value still results in the expected behavior. However, as I usually don't really have an advanced use case of this as a test bed, some more testing might be a good idea.Also fixes another unhelpful error message similar to the one in #23. Before, when running
agenix generate
with a secret that hasgenerators
set, but notrekeyFile
, would result in the same basic error message:This seems to happen because the module asserts at
./modules/agenix-rekey.nix
appear to be sidestepped when runningagenix generate
. Therefore, we replicate the module-level assert in./apps/generate.nix
.TIL: The following appears to be valid bash: