SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-03-22 17:49:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

sops: Add assertions to validate secret existence at eval time

Browse source
This commit is contained in:
SebastianStork 2026-02-26 19:27:34 +01:00
parent 1a78e2b1f0
commit 653a6f310b
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
modules/home/sops.nix
View file

@ -36,5 +36,13 @@ in
age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ]; age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
defaultSopsFile = cfg.secretsFile; defaultSopsFile = cfg.secretsFile;
}; };
assertions =
config.sops.secrets
|> lib.attrNames
|> lib.map (secretPath: {
assertion = cfg.secrets |> lib.hasAttrByPath (secretPath |> lib.splitString "/");
message = "Sops secret `${secretPath}` must be defined in secrets.json";
});
}; };
} }