cleanup secrets into different files and optional set user password etc

author: Tim Keller <tjk@tjkeller.xyz> 2025-07-17 20:03:16 -0500
committer: Tim Keller <tjk@tjkeller.xyz> 2025-07-17 20:03:16 -0500
commit: b74e44f59eff364eb5281f7389f84ae4e3b692fe (patch)
tree: 31635add1d88af5c8d8f7eccf1267abaa0a9423f /modules/root/wifi.nix
parent: 991ae9037461f2993f0f240be2fe4fe24bbeacb6 (diff)
download: nixos-b74e44f59eff364eb5281f7389f84ae4e3b692fe.tar.xz
nixos-b74e44f59eff364eb5281f7389f84ae4e3b692fe.zip
1 files changed, 13 insertions, 0 deletions
diff --git a/modules/root/wifi.nix b/modules/root/wifi.nix
index 542cfd7..96fe5c8 100644
--- a/modules/root/wifi.nix
+++ b/modules/root/wifi.nix
@@ -14,5 +14,18 @@
 		environment.etc."wpa_supplicant.conf" = {
 			source = config.sops.secrets.wpa_supplicant-conf.path;
 		};
+
+		# This service is a workaround to ensure that secrets are available on
+		# reboot when the secret keys are on a separate subvolume
+		systemd.services.npcnix-force-rebuild-sops-hack = {
+			wantedBy = [ "multi-user.target" ];
+			before = [ "wpa_supplicant.service" ];
+			serviceConfig = {
+				ExecStart = "/run/current-system/activate";
+				Type = "oneshot";
+				Restart = "on-failure"; # because oneshot
+				RestartSec = "10s";
+			};
+		};
 	};
 }
author	Tim Keller <tjk@tjkeller.xyz>	2025-07-17 20:03:16 -0500
committer	Tim Keller <tjk@tjkeller.xyz>	2025-07-17 20:03:16 -0500
commit	b74e44f59eff364eb5281f7389f84ae4e3b692fe (patch)
tree	31635add1d88af5c8d8f7eccf1267abaa0a9423f /modules/root/wifi.nix
parent	991ae9037461f2993f0f240be2fe4fe24bbeacb6 (diff)
download	nixos-b74e44f59eff364eb5281f7389f84ae4e3b692fe.tar.xz nixos-b74e44f59eff364eb5281f7389f84ae4e3b692fe.zip