Fix secrets getting emptied
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Fri, 29 Oct 2021 00:07:29 +0000 (02:07 +0200)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Sun, 9 Apr 2023 15:14:24 +0000 (17:14 +0200)
This commit will fix secrets that are getting emptied if the secrets
file is missing

flakes/private/openarc/flake.lock
flakes/private/opendmarc/flake.lock
flakes/secrets/flake.nix

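--- a/flakes/private/openarc/flake.lock
+++ b/flakes/private/openarc/flake.lock
     },
     "secrets": {
       "locked": {
-        "narHash": "sha256-w3u1bMEJHCg9SqErJ5Qi0sTX2xx7mk+HrHZXzpjQd1w=",
+        "narHash": "sha256-X2waGhgIUDWbxCE5uvnscvlKni8Esbwaj6NncDShOnQ=",
         "path": "../../secrets",
         "type": "path"
       },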
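--- a/flakes/private/opendmarc/flake.lock
+++ b/flakes/private/opendmarc/flake.lock
     },
     "secrets": {
       "locked": {
-        "narHash": "sha256-w3u1bMEJHCg9SqErJ5Qi0sTX2xx7mk+HrHZXzpjQd1w=",
+        "narHash": "sha256-X2waGhgIUDWbxCE5uvnscvlKni8Esbwaj6NncDShOnQ=",
         "path": "../../secrets",
         "type": "path"
       },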
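--- a/flakes/secrets/flake.nix
+++ b/flakes/secrets/flake.nix
             TMP=$(${pkgs.coreutils}/bin/mktemp -d)
             TMPWORK=$(${pkgs.coreutils}/bin/mktemp -d)
             chmod go-rwx $TMPWORK
-            if [ -n "$TMP" -a -n "$TMPWORK" ]; then
+            if [ -n "$TMP" -a -n "$TMPWORK" -a -f ${config.secrets.secretsVars} ]; then
               install -m0750 -o root -g keys -d $TMP
               ${pkgs.ssh-to-age}/bin/ssh-to-age -private-key -i ${config.secrets.decryptKey} -o $TMPWORK/keys.txt
               SOPS_AGE_KEY_FILE=$TMPWORK/keys.txt ${pkgs.sops}/bin/sops -d ${secrets} | ${pkgs.gnutar}/bin/tar --strip-components 1 -C $TMP -x
-              if [ -f ${config.secrets.secretsVars} ]; then
-                SOPS_AGE_KEY_FILE=$TMPWORK/keys.txt ${pkgs.sops}/bin/sops -d ${config.secrets.secretsVars} > $TMPWORK/vars.yml
-              fi
+              SOPS_AGE_KEY_FILE=$TMPWORK/keys.txt ${pkgs.sops}/bin/sops -d ${config.secrets.secretsVars} > $TMPWORK/vars.yml
               if [ -f $TMPWORK/vars.yml ]; then
                 find $TMP -name "*.gucci.tpl" -exec \
                   /bin/sh -c 'f="{}"; ${pkgs.gucci}/bin/gucci -f '$TMPWORK'/vars.yml "$f" > "''${f%.gucci.tpl}"; touch --reference "$f" ''${f%.gucci.tpl} ; chmod --reference="$f" ''${f%.gucci.tpl} ; chown --reference="$f" ''${f%.gucci.tpl}' \;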
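Review bot: The added `sops -d ${config.secrets.secretsVars} > $TMPWORK/vars.yml` line runs unchecked, and the shell creates `vars.yml` through the redirection before sops starts, so the `[ -f $TMPWORK/vars.yml ]` test right below it is now always true. A decryption failure (wrong or unreadable age key, corrupted file) would leave an empty `vars.yml` and the templates would be rendered from it, which looks like the same emptied-secrets outcome this commit fixes for the missing-file case. Testing the exit status instead of the file would close that gap, e.g. `if SOPS_AGE_KEY_FILE=$TMPWORK/keys.txt ${pkgs.sops}/bin/sops -d ${config.secrets.secretsVars} > $TMPWORK/vars.yml; then` in place of the `-f` test, with the failure branch reporting on stderr and leaving the deployed secrets untouched. The enclosing script starts and ends outside the hunk, so a later guard cannot be ruled out from here; the unchecked `sops -d ${secrets} | tar` pipeline one line above has the same exposure.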