pkg/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2026-01-07 22:27:24 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add a launchd service to the home-manager module

Browse source
This commit is contained in:
Janne Heß 2022-07-04 21:06:05 +02:00 committed by Pogobanane
parent 3afa9ca553
commit 8b4048123e
1 changed files with 25 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

36
modules/home-manager/sops.nix
View file

@ -83,6 +83,18 @@ let
};
manifest = manifestFor "" cfg.secrets;
script = toString (pkgs.writeShellScript "sops-nix-user" ((lib.optionalString (cfg.gnupg.home != null) "export SOPS_GPG_EXEC=${pkgs.gnupg}/bin/gpg")
+ (lib.optionalString cfg.age.generateKey ''
if [[ ! -f '${cfg.age.keyFile}' ]]; then
echo generating machine-specific age key...
mkdir -p $(dirname ${cfg.age.keyFile})
# age-keygen sets 0600 by default, no need to chmod.
${pkgs.age}/bin/age-keygen -o ${cfg.age.keyFile}
fi
'' + ''
${sops-install-secrets}/bin/sops-install-secrets -ignore-passwd '${manifest}'
'')));
in {
options.sops = {
secrets = lib.mkOption {
@ -207,20 +219,22 @@ in {
Description = "sops-nix activation";
};
Service = {
Environment = lib.mkIf (cfg.gnupg.home != null) [ "SOPS_GPG_EXEC=${pkgs.gnupg}/bin/gpg" ];
Type = "oneshot";
ExecStart = toString (pkgs.writeShellScript "sops-nix-user" (lib.optionalString cfg.age.generateKey ''
if [[ ! -f '${cfg.age.keyFile}' ]]; then
echo generating machine-specific age key...
mkdir -p $(dirname ${cfg.age.keyFile})
# age-keygen sets 0600 by default, no need to chmod.
${pkgs.age}/bin/age-keygen -o ${cfg.age.keyFile}
fi
'' + ''
${sops-install-secrets}/bin/sops-install-secrets -ignore-passwd '${manifest}'
''));
ExecStart = script;
};
Install.WantedBy = [ "default.target" ];
};
launchd.agents.sops-nix = {
enable = true;
config = {
ProgramArguments = [ script ];
KeepAlive = {
Crashed = false;
SuccessfulExit = false;
};
ProcessType = "Background";
};
};
};
}