From 544cf42357d01f1a19b45752d949394a2d7628e1 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Thu, 21 Nov 2024 21:17:56 +0100
Subject: [PATCH] Don't decrypt user's sops secrets as root

---
 machines/gamepc/configuration.nix | 2 +-
 machines/sue/configuration.nix    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/machines/gamepc/configuration.nix b/machines/gamepc/configuration.nix
index c291861..b5a2146 100644
--- a/machines/gamepc/configuration.nix
+++ b/machines/gamepc/configuration.nix
@@ -39,7 +39,7 @@ in {
         };
 
         pim-sops-age-key = {
-          keyCommand = ["sudo" sops "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/gamepc/pim.sops.yaml"];
+          keyCommand = [sops "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/gamepc/pim.sops.yaml"];
           name = "keys.txt";
           destDir = "/home/pim/.config/sops/age";
           user = "pim";
diff --git a/machines/sue/configuration.nix b/machines/sue/configuration.nix
index 63c4919..20485cb 100644
--- a/machines/sue/configuration.nix
+++ b/machines/sue/configuration.nix
@@ -35,7 +35,7 @@ in {
         };
 
         pim-sops-age-key = {
-          keyCommand = ["sudo" sops "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/sue/pim.sops.yaml"];
+          keyCommand = [sops "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/sue/pim.sops.yaml"];
           name = "keys.txt";
           destDir = "/home/pim/.config/sops/age";
           user = "pim";