pkg/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2026-02-22 21:05:44 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

feat(nixos): wire hardware key deps to secrets-for-users module

Browse source 
Add support for activationScriptDeps and systemdDeps in the
secrets-for-users module, ensuring pcscd dependencies are
respected for secrets that need to be available before user
creation (neededForUsers = true).
This commit is contained in:
Ryota 2026-01-17 02:15:00 +00:00
parent 31f9f6cdb4
commit 84a8698b98
No known key found for this signature in database
GPG key ID: 5370567CADB11F6C
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
modules/sops/secrets-for-users/default.nix
View file

@ -35,6 +35,8 @@ in
{ {
wantedBy = [ "systemd-sysusers.service" ]; wantedBy = [ "systemd-sysusers.service" ];
before = [ "systemd-sysusers.service" ]; before = [ "systemd-sysusers.service" ];
after = cfg.age.systemdDeps;
wants = cfg.age.systemdDeps;
environment = cfg.environment; environment = cfg.environment;
unitConfig.DefaultDependencies = "no"; unitConfig.DefaultDependencies = "no";
path = cfg.age.plugins; path = cfg.age.plugins;
@ -48,7 +50,11 @@ in
system.activationScripts = lib.mkIf (secretsForUsers != { } && !useSystemdActivation) { system.activationScripts = lib.mkIf (secretsForUsers != { } && !useSystemdActivation) {
setupSecretsForUsers = setupSecretsForUsers =
lib.stringAfter ([ "specialfs" ] ++ lib.optional cfg.age.generateKey "generate-age-key") '' lib.stringAfter (
[ "specialfs" ]
++ lib.optional cfg.age.generateKey "generate-age-key"
++ cfg.age.activationScriptDeps
) ''
[ -e /run/current-system ] || echo setting up secrets for users... [ -e /run/current-system ] || echo setting up secrets for users...
${withEnvironment "${cfg.package}/bin/sops-install-secrets -ignore-passwd ${manifestForUsers}"} ${withEnvironment "${cfg.package}/bin/sops-install-secrets -ignore-passwd ${manifestForUsers}"}
'' ''