From d3088f783f36c132d66e4854ec72fc0b13429f9d Mon Sep 17 00:00:00 2001
From: Christoph Heiss <christoph@c8h4.io>
Date: Thu, 3 Apr 2025 22:30:35 +0200
Subject: [PATCH] module: set `HOME` envvar to avoid warnings on sops >= 3.10.0

Signed-off-by: Christoph Heiss <christoph@c8h4.io>

Update modules/sops/default.nix

Co-authored-by: Dominik Schrempf <dominik.schrempf@gmail.com>
---
 modules/sops/default.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/modules/sops/default.nix b/modules/sops/default.nix
index c0e949e..b990e3e 100644
--- a/modules/sops/default.nix
+++ b/modules/sops/default.nix
@@ -34,7 +34,17 @@ let
     || (options.services ? userborn && config.services.userborn.enable);
 
   withEnvironment = import ./with-environment.nix {
-    inherit cfg lib;
+    # sops >=3.10.0 now unconditionally searches 
+    # for an SSH key in $HOME/.ssh/, introduced in #1692 [0]. Since in the
+    # activation script $HOME is never set, it just spits out a slew a
+    # warnings [1].
+    #
+    # [0] https://github.com/Mic92/sops-nix/issues/764
+    # [1] https://github.com/getsops/sops/pull/1692
+    cfg = lib.recursiveUpdate cfg {
+      environment.HOME = "/var/empty";
+    };
+    inherit lib;
   };
   secretType = lib.types.submodule (
     { config, ... }: