1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00

feat: inherit lovesegfault's changes to host generation

This commit is contained in:
oddlama 2023-01-30 17:10:56 +01:00
parent 2081ce6585
commit 7c6461d8e2
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
7 changed files with 18 additions and 29 deletions

View file

@ -35,13 +35,12 @@ with lib; {
hasGoodSuffix = x: strings.hasSuffix ".age" x || strings.hasSuffix ".pub" x;
in
# drv.drvPath doesn't force evaluation, which allows the warning to be displayed
# before the error occurs
# in case the derivation is not built before deploying
optional (!pathExists (removeSuffix ".drv" drv.drvPath)) ''
The secrets have not yet been rekeyed!
The secrets for host ${config.networking.hostName} have not yet been rekeyed!
Be sure to run `nix run ".#rekey"` after changing your secrets!
''
++ optional (!all hasGoodSuffix config.rekey.masterIdentityPaths)
''
++ optional (!all hasGoodSuffix config.rekey.masterIdentityPaths) ''
It seems like at least one of your rekey.masterIdentityPaths contains an
unencrypted age identity. These files will be copied to the nix store, so
make sure they don't contain any secret information!