christoph/flake-nixinator
1
Fork 0
Code Activity

Modules/Sops: Use keys directly from /persist (impermanence kicks in only after sops needs keys...)

Browse Source
This commit is contained in:
Christoph Urlacher
2025-07-15 23:26:01 +02:00
parent a0e2a0d0cd
commit a0104bd5d6
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
system/modules/sops-nix/default.nix
View File

@ -26,7 +26,9 @@ in {
defaultSopsFile = ./secrets.yaml;
age = {
keyFile = "/home/${username}/.secrets/age/age.key";
# NOTE: Sops needs the keys before impermanence kicks in
# so we have to link to /persist directly...
keyFile = "/persist/home/${username}/.secrets/age/age.key";
generateKey = false;
sshKeyPaths = [];
};