fix bugs for t495 and cleanup

author: Tim Keller <tjkeller.xyz> 2024-11-05 10:00:57 -0600
committer: Tim Keller <tjkeller.xyz> 2024-11-05 10:00:57 -0600
commit: 78d758b4b22e1150b32f3643ef5a9f04f76abf26 (patch)
tree: 0e770f821caa8040ccc4ff383824c92fe5641b50 /modules/root/secrets.nix
parent: e2796bbd4ff55fcaacbceddd996890593c2b762a (diff)
download: nixos-78d758b4b22e1150b32f3643ef5a9f04f76abf26.tar.xz
nixos-78d758b4b22e1150b32f3643ef5a9f04f76abf26.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/modules/root/secrets.nix b/modules/root/secrets.nix
index 464a8f2..bfeb542 100644
--- a/modules/root/secrets.nix
+++ b/modules/root/secrets.nix
@@ -10,4 +10,20 @@
 			wireless-env = { };
 		};
 	};
+
+	# This service is a workaround to ensure that secrets are available on
+	# reboot when the secret keys are on a separate subvolume
+	systemd.services.npcnix-force-rebuild-sops-hack = {
+		wantedBy = [ "multi-user.target" ];
+		before = [
+			# List all services that require secrets
+			"wpa_supplicant.service"
+		];
+		serviceConfig = {
+			ExecStart = "/run/current-system/activate";
+			Type = "oneshot";
+			Restart = "on-failure"; # because oneshot
+			RestartSec = "10s";
+		};
+	};
 }
author	Tim Keller <tjkeller.xyz>	2024-11-05 10:00:57 -0600
committer	Tim Keller <tjkeller.xyz>	2024-11-05 10:00:57 -0600
commit	78d758b4b22e1150b32f3643ef5a9f04f76abf26 (patch)
tree	0e770f821caa8040ccc4ff383824c92fe5641b50 /modules/root/secrets.nix
parent	e2796bbd4ff55fcaacbceddd996890593c2b762a (diff)
download	nixos-78d758b4b22e1150b32f3643ef5a9f04f76abf26.tar.xz nixos-78d758b4b22e1150b32f3643ef5a9f04f76abf26.zip