correctly list non-root secrets
Secrets that are only partly owned by root (i.e. either user or group is not 'root') are now accounted for during activation.
parent
553d1f5caa
commit
b0a48f587e
1 changed files with 1 additions and 1 deletions
|
@ -23,7 +23,7 @@ let
|
||||||
rootOwnedSecrets = builtins.filter (st: st.owner == "root" && st.group == "root") (builtins.attrValues cfg.secrets);
|
rootOwnedSecrets = builtins.filter (st: st.owner == "root" && st.group == "root") (builtins.attrValues cfg.secrets);
|
||||||
installRootOwnedSecrets = builtins.concatStringsSep "\n" (["echo '[agenix] decrypting root secrets...'"] ++ (map installSecret rootOwnedSecrets));
|
installRootOwnedSecrets = builtins.concatStringsSep "\n" (["echo '[agenix] decrypting root secrets...'"] ++ (map installSecret rootOwnedSecrets));
|
||||||
|
|
||||||
nonRootSecrets = builtins.filter (st: st.owner != "root" && st.group != "root") (builtins.attrValues cfg.secrets);
|
nonRootSecrets = builtins.filter (st: st.owner != "root" || st.group != "root") (builtins.attrValues cfg.secrets);
|
||||||
installNonRootSecrets = builtins.concatStringsSep "\n" (["echo '[agenix] decrypting non-root secrets...'"] ++ (map installSecret nonRootSecrets));
|
installNonRootSecrets = builtins.concatStringsSep "\n" (["echo '[agenix] decrypting non-root secrets...'"] ++ (map installSecret nonRootSecrets));
|
||||||
|
|
||||||
secretType = types.submodule ({ config, ... }: {
|
secretType = types.submodule ({ config, ... }: {
|
||||||
|
|
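Review bot: The `nonRootSecrets` predicate is still a hand-written negation of the `rootOwnedSecrets` one, which is how the two filters drifted apart: a secret with owner `root` and a non-root group matched neither list and, judging by the commit message, was skipped at activation. Deriving both lists from one predicate keeps them an exact partition of `cfg.secrets`: `isRootOwned = st: st.owner == "root" && st.group == "root";`, then `rootOwnedSecrets = builtins.filter isRootOwned (builtins.attrValues cfg.secrets);` and `nonRootSecrets = builtins.filter (st: !(isRootOwned st)) (builtins.attrValues cfg.secrets);`. A one-line comment above them, such as `# every secret must land in exactly one of these two lists, otherwise it is never decrypted`, would record the invariant for the next change. The `let` block starts and continues outside this hunk, so whether any other code assumes `nonRootSecrets` holds only fully non-root entries cannot be checked from here.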