From 8b4048123e33bb4f5e1f84907d34c9b5b630d3c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Janne=20He=C3=9F?=
Date: Mon, 4 Jul 2022 21:06:05 +0200
Subject: [PATCH] Add a launchd service to the home-manager module
---
 modules/home-manager/sops.nix | 36 ++++++++++++++++++++++++-----------
 1 file changed, 25 insertions(+), 11 deletions(-)
diff --git a/modules/home-manager/sops.nix b/modules/home-manager/sops.nix
index 31bfa0e..fcd7225 100644
--- a/modules/home-manager/sops.nix
+++ b/modules/home-manager/sops.nix
@@ -83,6 +83,18 @@ let
 };
 manifest = manifestFor "" cfg.secrets;
+
+ script = toString (pkgs.writeShellScript "sops-nix-user" ((lib.optionalString (cfg.gnupg.home != null) "export SOPS_GPG_EXEC=${pkgs.gnupg}/bin/gpg")
+ + (lib.optionalString cfg.age.generateKey ''
+ if [[ ! -f '${cfg.age.keyFile}' ]]; then
+ echo generating machine-specific age key...
+ mkdir -p $(dirname ${cfg.age.keyFile})
+ # age-keygen sets 0600 by default, no need to chmod.
+ ${pkgs.age}/bin/age-keygen -o ${cfg.age.keyFile}
+ fi
+ '' + ''
+ ${sops-install-secrets}/bin/sops-install-secrets -ignore-passwd '${manifest}'
+ '')));
 in {
 options.sops = {
 secrets = lib.mkOption {
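Review bot: The GnuPG fragment in `script` is a plain double-quoted string with no trailing newline, so when `cfg.gnupg.home` is set it is concatenated straight onto whatever follows. As far as the hunk shows, with `generateKey` enabled the script would start `export SOPS_GPG_EXEC=…/bin/gpgif [[ …`, and with it disabled the `sops-install-secrets` path is glued onto the exported value, so the secrets are never installed. Ending the fragment with a newline fixes both cases: `"export SOPS_GPG_EXEC=${pkgs.gnupg}/bin/gpg\n"`. Separately, the key-generation lines carried over here quote `'${cfg.age.keyFile}'` in the `-f` test but leave it unquoted in `mkdir -p $(dirname …)` and `age-keygen -o`; quoting all three keeps a key path containing spaces from being split and written somewhere unintended.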
@@ -207,20 +219,22 @@ in {
 Description = "sops-nix activation";
 };
 Service = {
- Environment = lib.mkIf (cfg.gnupg.home != null) [ "SOPS_GPG_EXEC=${pkgs.gnupg}/bin/gpg" ];
 Type = "oneshot";
- ExecStart = toString (pkgs.writeShellScript "sops-nix-user" (lib.optionalString cfg.age.generateKey ''
- if [[ ! -f '${cfg.age.keyFile}' ]]; then
- echo generating machine-specific age key...
- mkdir -p $(dirname ${cfg.age.keyFile})
- # age-keygen sets 0600 by default, no need to chmod.
- ${pkgs.age}/bin/age-keygen -o ${cfg.age.keyFile}
- fi
- '' + ''
- ${sops-install-secrets}/bin/sops-install-secrets -ignore-passwd '${manifest}'
- ''));
+ ExecStart = script;
 };
 Install.WantedBy = [ "default.target" ];
 };
+
+ launchd.agents.sops-nix = {
+ enable = true;
+ config = {
+ ProgramArguments = [ script ];
+ KeepAlive = {
+ Crashed = false;
+ SuccessfulExit = false;
+ };
+ ProcessType = "Background";
+ };
+ };
 };
 }
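Review bot: The new `launchd.agents.sops-nix` config sets no `StandardOutPath` or `StandardErrorPath`, so by default nothing that `sops-install-secrets` prints on macOS is kept, whereas the systemd unit's output lands in the journal. As I read launchd.plist(5), `KeepAlive.SuccessfulExit = false` relaunches the job after a non-zero exit, so a persistent failure such as a missing or unreadable age key would be retried repeatedly with no record to diagnose it from. I would add `StandardErrorPath = "<log file path>";` and the matching `StandardOutPath` inside `config`, pointing at a file only the user can read. A one-line comment stating the intended restart behaviour of the two `KeepAlive` keys would also help, since their inverted meaning is easy to misread.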