home-manager: Include home.activation-script for linux similar to macos

README.md

@@ -804,15 +804,6 @@ The secrets are decrypted in a systemd user service called `sops-nix`, so other
 }
 ```
 
-As home-manager does not restart the `sops-nix` unit automatically instruct home-manager to do so:
-```nix
-{
-  home.activation.setupEtc = config.lib.dag.entryAfter [ "writeBoundary" ] ''
-    /run/current-system/sw/bin/systemctl start --user sops-nix
-  '';
-}
-```
-
 ## Use with GPG instead of SSH keys
 
 If you prefer having a separate GPG key, sops-nix also comes with a helper tool, `sops-init-gpg-key`:

modules/home-manager/sops.nix

@@ -256,15 +256,29 @@ in {
       };
     };
 
-    # darwin: [re]load secrets on home-manager activation
+    # [re]load secrets on home-manager activation
-    home.activation = lib.mkIf pkgs.stdenv.hostPlatform.isDarwin {
+    home.activation = let 
-      sops-nix = let
+      darwin = let
         domain-target = "gui/$(id -u ${config.home.username})";
       in ''
         /bin/launchctl bootout ${domain-target}/org.nix-community.home.sops-nix && true
         /bin/launchctl bootstrap ${domain-target} ${config.home.homeDirectory}/Library/LaunchAgents/org.nix-community.home.sops-nix.plist
       '';
-    };
 
+      linux = let systemctl = config.systemd.user.systemctlPath; in ''
+        systemdStatus=$(${systemctl} --user is-system-running 2>&1 || true)
+
+        if [[ $systemdStatus == 'running' ]]; then
+          ${config.systemd.user.systemctlPath} restart --user sops-nix
+        else
+          echo "User systemd daemon not running. Probably executed on boot where no manual start/reload is needed."
+        fi
+
+        unset systemdStatus
+      '';
+    
+    in {
+      sops-nix = if pkgs.stdenv.isLinux then linux else darwin;
+    };
   };
 }