2021-05-04 15:24:31 +02:00
|
|
|
{
|
2021-07-20 17:50:08 +02:00
|
|
|
lib,
|
2023-01-29 20:58:38 +01:00
|
|
|
stdenv,
|
2023-12-20 22:13:47 +01:00
|
|
|
age,
|
2023-02-13 17:06:58 +01:00
|
|
|
jq,
|
2021-05-04 15:24:31 +02:00
|
|
|
nix,
|
|
|
|
mktemp,
|
2021-07-22 13:58:29 +02:00
|
|
|
diffutils,
|
2023-01-29 20:58:38 +01:00
|
|
|
substituteAll,
|
2023-12-20 22:13:47 +01:00
|
|
|
ageBin ? "${age}/bin/age",
|
2023-01-29 20:58:38 +01:00
|
|
|
shellcheck,
|
2023-12-23 23:43:03 +01:00
|
|
|
}: let
|
|
|
|
bin = "${placeholder "out"}/bin/agenix";
|
|
|
|
in
|
|
|
|
stdenv.mkDerivation rec {
|
|
|
|
pname = "agenix";
|
|
|
|
version = "0.15.0";
|
|
|
|
src = substituteAll {
|
|
|
|
inherit ageBin version;
|
|
|
|
jqBin = "${jq}/bin/jq";
|
|
|
|
nixInstantiate = "${nix}/bin/nix-instantiate";
|
|
|
|
mktempBin = "${mktemp}/bin/mktemp";
|
|
|
|
diffBin = "${diffutils}/bin/diff";
|
|
|
|
src = ./agenix.sh;
|
|
|
|
};
|
|
|
|
dontUnpack = true;
|
|
|
|
doInstallCheck = true;
|
|
|
|
installCheckInputs = [shellcheck];
|
|
|
|
postInstallCheck = ''
|
|
|
|
shellcheck ${bin}
|
|
|
|
${bin} -h | grep ${version}
|
2023-01-29 20:58:38 +01:00
|
|
|
|
2023-12-23 23:47:15 +01:00
|
|
|
HOME=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
|
|
|
|
function cleanup {
|
|
|
|
rm -rf $HOME
|
|
|
|
}
|
|
|
|
trap "cleanup" 0 2 3 15
|
|
|
|
|
|
|
|
mkdir -p $HOME/.ssh
|
|
|
|
cp -r "${../example}" $HOME/secrets
|
|
|
|
chmod -R u+rw $HOME/secrets
|
2023-12-23 23:43:03 +01:00
|
|
|
(
|
|
|
|
umask u=rw,g=r,o=r
|
|
|
|
cp ${../example_keys/user1.pub} $HOME/.ssh/id_ed25519.pub
|
|
|
|
chown $UID $HOME/.ssh/id_ed25519.pub
|
|
|
|
)
|
|
|
|
(
|
|
|
|
umask u=rw,g=,o=
|
|
|
|
cp ${../example_keys/user1} $HOME/.ssh/id_ed25519
|
|
|
|
chown $UID $HOME/.ssh/id_ed25519
|
|
|
|
)
|
2023-01-29 20:58:38 +01:00
|
|
|
|
2023-12-23 23:47:15 +01:00
|
|
|
cd $HOME/secrets
|
2023-12-23 23:43:03 +01:00
|
|
|
test $(${bin} -d secret1.age) = "hello"
|
|
|
|
'';
|
2023-01-29 20:58:38 +01:00
|
|
|
|
2023-12-23 23:43:03 +01:00
|
|
|
installPhase = ''
|
|
|
|
install -D $src ${bin}
|
|
|
|
'';
|
|
|
|
|
|
|
|
meta.description = "age-encrypted secrets for NixOS";
|
|
|
|
}
|