homeage
homeage copied to clipboard
runtime decrypted age secrets for nix home manager
Unfortunately, the change in #4 prevented users on MacOS from using this tool on those machines going forward, as we do not have access to systemd or a useful-parity replacement,...
Hey, I set up my NixOS system with home-manager as NixOS module. Therefore, the activation script will run inside a systemd service that also runs on system boot. During that...
For consistency I think it would be better to use the same name as agenix (even though I find `source` a little clearer than `file`)
Implement activation checks: - [x] Each secret can be decrypted - [ ] No existing file conflicts
Allow for choosing between startup and activation decrypted secrets. Goes along with tmpfs/ramfs mounted secrets vs disk mounted secrets.
Should perform checks so it fails before applying if anything is wrong. Checks to perform: - [x] [Assertion] Duplicated paths in home-manager declaration - [x] [Assertion] Set `activationMount`/`startupMount` if needed....
# homeageCleanup Overview ## Goal Cleanup state of copies and symlinks on home manager changes (updates and rollbacks). Only way to have a non-cleaned up system is if you remove...
Add option to use script instead of systemd for startup secret decryption. Waiting on v0.1 stabilization of option set and writing checks/cleanup.
This would be a global flag. Not sure if there would be use cases where this setting would be needed on a per file level, so I skipped that for...
### Issue Currently all symbolic links that point to the `/run` secrets folder do not get cleaned up. Also decrypted secrets in `/run` are not deleted. Need a cleanup solution...