ryantm / agenix

age-encrypted secrets for NixOS and Home manager
https://matrix.to/#/#agenix:nixos.org
Creative Commons Zero v1.0 Universal

Add home-manager module #180

Closed ambroisie closed 1 year ago

ambroisie commented 1 year ago

This is to update and fix the issues I saw in 1 and 2.

Using a service definition instead of an activation script should resolve the issue about the secrets disappearing after rebooting.

Removed the user and group option as they do not make sense to me for a home-manager module, which should target a single user. They can always be added back if somebody comes screaming.

This is somewhat modeled after sops-nix's own module 3.

happysalada commented 1 year ago

I'm curious if anyone has tried this on a machine where they have both system wide secrets and user level secrets. I can't make agenix.nixosModules.age and agenix.homeManagerModules.age work together. I'm not sure why.

ambroisie commented 1 year ago

@happysalada I believe this is done in the tests IIRC? I haven't checked though.

happysalada commented 1 year ago

NixOS tests only test for one user on the home-manager tests, it seems: https://github.com/ryantm/agenix/blob/main/test/integration.nix#L49

ambroisie commented 1 year ago

Well yes, but that is testing systemd-wide secrets and user-level secrets on the same host.

Anecdotally, it works on my machine ™️.