jet/extremist-software
jet/extremist-software
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add test for checking for newline in secrets

Browse source
This commit is contained in:
Jet Pham 2026-03-09 22:02:28 -07:00
parent f0b6a088f1
commit b016b11ce3
No known key found for this signature in database
1 changed files with 16 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

16
flake.nix
View file

@ -37,11 +37,27 @@
deploy = pkgs.writeShellScriptBin "nhs" '' deploy = pkgs.writeShellScriptBin "nhs" ''
nh os switch --hostname extremist-software --target-host root@extremist-software path:. "$@" nh os switch --hostname extremist-software --target-host root@extremist-software path:. "$@"
''; '';
check-secrets = pkgs.writeShellScriptBin "check-secrets" ''
set -euo pipefail
failed=0
for f in secrets/*.age; do
last=$(agenix -d "$f" | tail -c 1 | od -An -tx1 | tr -d ' \n')
if [ "$last" = "0a" ]; then
echo "FAIL: $f has trailing newline"
failed=1
fi
done
if [ "$failed" -eq 0 ]; then
echo "All secrets OK: no trailing newlines"
fi
exit $failed
'';
in pkgs.mkShell { in pkgs.mkShell {
packages = [ packages = [
pkgs.nh pkgs.nh
inputs.agenix.packages.x86_64-linux.default inputs.agenix.packages.x86_64-linux.default
deploy deploy
check-secrets
]; ];
}; };
}; };