From 34f61d4f275438d483f7ba78321e636fc903bb41 Mon Sep 17 00:00:00 2001
From: Christoph Urlacher
Date: Thu, 26 Mar 2026 21:00:38 +0100
Subject: [PATCH] Modules/Sops: Update secret definitions for nix-darwin
---
 system/darwinix/default.nix | 7 +++++--
 system/systemmodules/sops-nix/default.nix | 14 ++++++++++----
 2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/system/darwinix/default.nix b/system/darwinix/default.nix
index 374d24e1..5e06c958 100644
--- a/system/darwinix/default.nix
+++ b/system/darwinix/default.nix
@@ -84,10 +84,13 @@
 };
 users.users.${username} = {
- isHidden = false;
+ name = "${username}";
 description = "Christoph";
- home = "/Users/${username}";
+ uid = 501;
+ gid = 20;
 createHome = false;
+ home = "/Users/${username}";
+ isHidden = false;
 # NOTE: Not set if the user already exists on darwin, so use chsh for the root user
 shell = pkgs.fish;
diff --git a/system/systemmodules/sops-nix/default.nix b/system/systemmodules/sops-nix/default.nix
index b98c504c..91d82e65 100644
--- a/system/systemmodules/sops-nix/default.nix
+++ b/system/systemmodules/sops-nix/default.nix
@@ -33,10 +33,16 @@ in {
 secrets = let mkSecret = name: {
- ${name} = {
- owner = config.users.users.${username}.name;
- group = config.users.users.${username}.group;
- };
+ ${name} = lib.mkMerge [
+ (lib.optionalAttrs pkgs.stdenv.isLinux {
+ owner = config.users.users.${username}.name;
+ group = config.users.users.${username}.group;
+ })
+ (lib.optionalAttrs pkgs.stdenv.isDarwin {
+ owner = config.users.users.${username}.name;
+ group = "staff"; # Apparently there's no way to get the primary group?
+ })
+ ];
 };
 mkBootSecret = name: {
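Review bot: The new `uid = 501;` and `gid = 20;` in `users.users.${username}` are bare literals with no comment saying where they come from. Since `createHome = false` and the NOTE below suggest the account already exists, these values presumably have to match that account rather than define it. I would annotate them, e.g. `uid = 501; # must equal the existing account's uid (check with id -u)` and `gid = 20; # staff`, so a machine where the account has a different uid is noticed at review time. `name = "${username}";` is also a redundant interpolation and can be written `name = username;`. The `users.users.${username}` block continues past the end of this hunk.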
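Review bot: In the Darwin branch, `group = "staff";` puts every secret built by `mkSecret` into the group that macOS uses as the default primary group for regular local accounts (gid 20, the value the darwinix hunk sets). The group bits of these files therefore apply to every local user, not only `${username}`. That is harmless while the secrets keep an owner-only mode (the sops-nix default, as far as I know), but no `mode` is visible in this hunk. I would replace the question in the comment with the constraint, e.g. `group = "staff"; # macOS default group shared by all local accounts; never give these secrets a group-readable mode`. As a style point, `owner` is identical in both `lib.optionalAttrs` branches and could be set once, with only `group` chosen per platform; the `secrets = let` block continues outside the hunk.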