modules/age: remove old secrets generations
parent
f816a0d5df
commit
111754b894
1 changed files with 5 additions and 0 deletions
|
@ -138,6 +138,11 @@ in
|
||||||
chmod 0750 "${cfg.secretsMountPoint}/$_count"
|
chmod 0750 "${cfg.secretsMountPoint}/$_count"
|
||||||
chown :keys "${cfg.secretsMountPoint}" "${cfg.secretsMountPoint}/$_count"
|
chown :keys "${cfg.secretsMountPoint}" "${cfg.secretsMountPoint}/$_count"
|
||||||
ln -sfn "${cfg.secretsMountPoint}/$_count" /run/secrets
|
ln -sfn "${cfg.secretsMountPoint}/$_count" /run/secrets
|
||||||
|
|
||||||
|
(( _agenix_generation > 1 )) && {
|
||||||
|
echo "[agenix] removing old secrets (generation $(( _agenix_generation - 1 )))..."
|
||||||
|
rm -rf "${cfg.secretsMountPoint}/$(( _agenix_generation - 1 ))"
|
||||||
|
}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# Secrets with root owner and group can be installed before users
|
# Secrets with root owner and group can be installed before users
|
||||||
|
|
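Review bot: The new cleanup block is keyed on `_agenix_generation`, but the context lines directly above it create, chown and symlink the new directory as `$_count`, and nothing in this hunk shows `_agenix_generation` being assigned (the script string starts outside the hunk, so this needs confirming). If that variable is unset here, bash arithmetic evaluates it as 0, the guard is false, and the previous generation's decrypted secrets stay on the secrets mount with no message at all. Assuming `_count` is the numeric generation counter, use the same variable as the `ln -sfn` line: `(( _count > 1 )) && {` and `rm -rf "${cfg.secretsMountPoint}/$(( _count - 1 ))"`. Only generation N-1 is removed, so directories left by an earlier interrupted activation would persist. A comment such as `# older generations are not swept; only the immediately preceding one is removed` would make that limit explicit.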