From 3c93a7e549f763c492bd695c5a46a329f3b474e1 Mon Sep 17 00:00:00 2001
From: Christoph Urlacher
Date: Fri, 25 Jul 2025 23:33:48 +0200
Subject: [PATCH] System/Servenix+Thinknix: Fix sops key issue, they key location assumed an impermanent setup Changed the default location to /home/${username}/.secrets/age/age.key, impermanent systems have to override this.
---
 system/default.nix | 2 --
 system/modules/sops-nix/default.nix | 4 +---
 system/nixinator/default.nix | 4 ++++
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/system/default.nix b/system/default.nix
index b64a841e..1cf60022 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -91,8 +91,6 @@ with mylib.networking; { polkit.enable = true;
- # TODO: This does not work on ServeNix?
- # Check on ThinkNix...
 sops-nix.bootSecrets.${username} = [ "user-password" ];
diff --git a/system/modules/sops-nix/default.nix b/system/modules/sops-nix/default.nix
index cee62e27..a5da1745 100644
--- a/system/modules/sops-nix/default.nix
+++ b/system/modules/sops-nix/default.nix
@@ -26,9 +26,7 @@ in { defaultSopsFile = ./secrets.yaml; age = {
- # NOTE: Sops needs the keys before impermanence kicks in
- # so we have to link to /persist directly...
- keyFile = "/persist/home/${username}/.secrets/age/age.key";
+ keyFile = lib.mkDefault "/home/${username}/.secrets/age/age.key";
 generateKey = false; sshKeyPaths = []; };
diff --git a/system/nixinator/default.nix b/system/nixinator/default.nix
index a3839c29..84273b36 100644
--- a/system/nixinator/default.nix
+++ b/system/nixinator/default.nix
@@ -85,6 +85,10 @@ ]; };
+ # NOTE: Sops needs the keys before impermanence kicks in
+ # so we have to link to /persist directly...
+ sops.age.keyFile = "/persist/home/${username}/.secrets/age/age.key";
+ sops.templates."makemkv-settings.conf" = { owner = config.users.users.${username}.name; content = ''
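Review bot: The new default `keyFile = lib.mkDefault "/home/${username}/.secrets/age/age.key";` in system/modules/sops-nix/default.nix keeps the age private key for `secrets.yaml` inside the login user's home directory, and the hunk removes the only comment that explained the path. If the file is owned by that user (not visible here), any process running under the account can read or replace the key that unlocks the system-wide secrets. A root-owned location such as the `/var/lib/sops-nix/key.txt` path used in the sops-nix documentation would narrow that exposure, and the same applies to the `/persist/home/...` override in system/nixinator/default.nix. If the home location is intentional, I would add `# Default for hosts without impermanence; key file must be mode 0600 and /home must be mounted before activation. Impermanent hosts override this.` above the line. The module's argument list is outside the hunk, so `lib` being in scope is assumed.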
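Review bot: The override `sops.age.keyFile = "/persist/home/${username}/.secrets/age/age.key";` in system/nixinator/default.nix only works if `/persist` is already mounted when sops-nix decrypts the boot secrets, and nothing in the hunk states or checks that. I would extend the comment with `# Requires fileSystems."/persist".neededForBoot = true;`, or add an assertion on that option, assuming the mount is declared under that name elsewhere in the host configuration. The enclosing attribute set begins and ends outside the hunk, so an existing check there cannot be ruled out.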