path: root/modules/root/secrets.nix
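# NixOS module: wires sops-nix into the system and declares the secrets this
# host decrypts during activation.
#
# Only `inputs` and `userDetails` are referenced here; `pkgs` and `config`
# were accepted but never used, so they are dropped from the argument pattern
# (the trailing `...` keeps the module callable by the module system).
{ inputs, userDetails, ... }: {
	imports = [ inputs.sops-nix.nixosModules.sops ];

	sops = {
		# Encrypted store and its format; every secret below is looked up in this
		# file unless it sets its own `sopsFile`.
		defaultSopsFile = ./resources/secrets/secrets.yaml;
		defaultSopsFormat = "yaml";
		# Private age key used to decrypt the store. It is read at activation
		# time (as root), so the path must be mounted and readable by then --
		# that is what the systemd workaround below is for.
		# NOTE(review): `userDetails.home.root` looks like a home directory;
		# confirm the file is owned by root and not readable by other users,
		# since anyone who can read it can decrypt every secret in the store.
		age.keyFile = "${userDetails.home.root}/.config/sops/age/keys.txt";

		# Secrets decrypted into /run/secrets/<name> with sops-nix's default
		# owner/mode; no per-secret overrides are needed for these two.
		secrets = {
			wpa_supplicant-conf = { };
			hashed-root-password = { };
		};
	};

	# This service is a workaround to ensure that secrets are available on
	# reboot when the secret keys are on a separate subvolume: it re-runs the
	# system activation script (which performs the sops decryption) once
	# multi-user.target is being reached, i.e. after local filesystems are
	# mounted, and orders itself before the units that consume the secrets.
	systemd.services.npcnix-force-rebuild-sops-hack = {
		wantedBy = [ "multi-user.target" ];
		before = [
			# List all services that require secrets, so they only start after
			# the re-run activation has populated /run/secrets
			"wpa_supplicant.service"
		];
		serviceConfig = {
			# Full activation re-run; this is the same script nixos-rebuild
			# executes, so it is idempotent but not cheap.
			ExecStart = "/run/current-system/activate";
			Type = "oneshot";
			Restart = "on-failure"; # because oneshot
			RestartSec = "10s";
		};
	};
}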