opnix
opnix copied to clipboard
brizzbuzz
Agenix inspired tool enabling users to inject secrets from 1password into their Nix servers at build time
Hi @brizzbuzz, I wanted to try opnix in my flake. I setup everything "correctly": 1. opnix token via the cli: `sudo opnix token set` (service account) 2. I change the...
Content of the PR: - Update 1password SDK and all indirect dependencies -> main change - Update the flake and consequently the GO version (needed by some dependency) - Fix...
The NixOS module uses `system.activationScripts` to retrieve the secret, which is run on every boot. It's considered an error if the token file is missing, and that fails the boot...
In agenix, you can [reference](https://github.com/ryantm/agenix?tab=readme-ov-file#agesecretsnamepath) the path of a secret-generated file with something like `age.secrets..path`. Would it be possible to support something like that within opnix? If so, it would...
This works for nixos and home-manager, but is there appetite for supporting running at a system-level in [nix-darwin](https://github.com/nix-darwin/nix-darwin), for situations where home-manager (user-scoped) is not sufficient?
Thanks for the useful project! I was wondering if there's a reason that the NixOS module doesn't provide an easy-to-use overlay to easily add the package to the default package...
Getting an error trying to set up Opnix hm module on darwin ``` Error: Cannot read system token at /etc/opnix-token Make sure you are in the onepassword-secrets group: 1. Enable...
Would be nice to manage secrets across multiple files (ie 1 for db, one for api keys, etc. etc.)
What's the best way to reference secrets as variables so they can be used as values or substitutions in other Nix code (in my case, home-manager)? Here's an example of...
## Current Behavior The systemd integration feature (PR #27) works perfectly for restarting services when secrets change, but currently requires manual triggering of the opnix CLI command to fetch updated...