colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

sops: remove the default examples

Browse Source
This commit is contained in:
Colin
2025-06-06 21:56:45 +00:00
parent 503cc832d4
commit 0951725e36
3 changed files with 34 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
hosts/common/programs/assorted.nix
View File

@@ -1096,14 +1096,6 @@ in
# TODO: enable dma heaps for more efficient buffer sharing: <https://gitlab.com/postmarketOS/pmaports/-/issues/2789> # TODO: enable dma heaps for more efficient buffer sharing: <https://gitlab.com/postmarketOS/pmaports/-/issues/2789>
snapshot.sandbox.method = null; #< TODO: sandbox snapshot.sandbox.method = null; #< TODO: sandbox
sops.sandbox.extraHomePaths = [
".config/sops"
"nixos"
# TODO: sops should only need access to knowledge/secrets,
# except that i currently put its .sops.yaml config in the root of ~/knowledge
"knowledge"
];
sox.sandbox.autodetectCliPaths = "existingFileOrParent"; sox.sandbox.autodetectCliPaths = "existingFileOrParent";
sox.sandbox.whitelistAudio = true; sox.sandbox.whitelistAudio = true;

1
hosts/common/programs/default.nix
View File

@@ -189,6 +189,7 @@
./sm64coopdx.nix ./sm64coopdx.nix
./sm64ex-coop.nix ./sm64ex-coop.nix
./smartmontools.nix ./smartmontools.nix
./sops.nix
./soundconverter.nix ./soundconverter.nix
./splatmoji.nix ./splatmoji.nix
./spot.nix ./spot.nix

33
hosts/common/programs/sops.nix Normal file
View File

@@ -0,0 +1,33 @@
{ pkgs, ... }: {
sane.programs.sops = {
packageUnwrapped = pkgs.sops.overrideAttrs (upstream: {
# sops default behavior is to pre-populate a file with a bunch of example text.
# deleting that text for _every_ new secret is annoying.
# not tunable by config, so patch out.
postPatch = (upstream.postPatch or "") + ''
substituteInPlace stores/dotenv/store.go --replace-fail \
'stores.ExampleFlatTree.Branches' \
'sops.TreeBranches{sops.TreeBranch{}}'
substituteInPlace stores/ini/store.go --replace-fail \
'stores.ExampleSimpleTree.Branches' \
'sops.TreeBranches{}'
substituteInPlace stores/json/store.go --replace-fail \
'stores.ExampleComplexTree.Branches' \
'sops.TreeBranches{sops.TreeBranch{}}'
substituteInPlace stores/yaml/store.go --replace-fail \
'stores.ExampleComplexTree.Branches' \
'sops.TreeBranches{}'
# substituteInPlace cmd/sops/edit.go \
# --replace-fail 'opts.InputStore.EmitExample()' '[]byte("")'
'';
});
sandbox.extraHomePaths = [
".config/sops"
"nixos"
# TODO: sops should only need access to knowledge/secrets,
# except that i currently put its .sops.yaml config in the root of ~/knowledge
"knowledge"
];
};
}