Merge pull request #171 from ryantm/revert-169-rm-2-26-identity-storepath
Revert "fix: disallow Nix store paths in age.identityPaths option"
commit
4828951d9d
1 changed files with 4 additions and 11 deletions
|
@ -174,15 +174,6 @@ with lib; let
|
|||
symlink = mkEnableOption "symlinking secrets to their destination" // {default = true;};
|
||||
};
|
||||
});
|
||||
|
||||
identity = with types;
|
||||
mkOptionType {
|
||||
name = "identity";
|
||||
description = "Path to the identity for age decryption. Usually a path to an SSH key. Must not be a store path, because we do not want private keys to end up in the nix store.";
|
||||
descriptionClass = "noun";
|
||||
check = x: isStringLike x && !isStorePath x;
|
||||
merge = mergeEqualOption;
|
||||
};
|
||||
in {
|
||||
imports = [
|
||||
(mkRenamedOptionModule ["age" "sshKeyPaths"] ["age" "identityPaths"])
|
||||
|
@ -225,7 +216,7 @@ in {
|
|||
'';
|
||||
};
|
||||
identityPaths = mkOption {
|
||||
type = types.listOf identity;
|
||||
type = types.listOf types.path;
|
||||
default =
|
||||
if (config.services.openssh.enable or false)
|
||||
then map (e: e.path) (lib.filter (e: e.type == "rsa" || e.type == "ed25519") config.services.openssh.hostKeys)
|
||||
|
@ -235,7 +226,9 @@ in {
|
|||
"/etc/ssh/ssh_host_rsa_key"
|
||||
]
|
||||
else [];
|
||||
description = "List of identities: ${identity.description}";
|
||||
description = ''
|
||||
Path to SSH keys to be used as identities in age decryption.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
|
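Review bot: The description added in the last hunk drops the caveat that identity paths must not be store paths, and with `type = types.listOf types.path;` in the second hunk nothing rejects them any more. A Nix path literal (a key file referenced relative to the configuration, say) is copied into the Nix store once it is coerced to a string, and the store is world-readable, so a private key configured that way would be readable by every local user. If the type-level check had to be reverted for reasons not visible on this page, the description should at least keep the warning, e.g. `Must be given as strings such as "/etc/ssh/ssh_host_rsa_key", not as Nix path literals or store paths, so that private keys never end up in the world-readable Nix store.` A non-fatal entry in `warnings` for any element where `isStorePath` holds would restore the signal without failing evaluation; whether that avoids the problem that prompted the revert needs confirming.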