Don't decrypt user's sops secrets as root

2024-11-21 21:17:56 +01:00 · 2024-11-21 21:17:56 +01:00 · 544cf42357
commit 544cf42357
parent a5be4ddbb2
2 changed files with 2 additions and 2 deletions
--- a/machines/gamepc/configuration.nix
+++ b/machines/gamepc/configuration.nix
@ -39,7 +39,7 @@ in {
        };

        pim-sops-age-key = {
-          keyCommand = ["sudo" sops "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/gamepc/pim.sops.yaml"];
+          keyCommand = [sops "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/gamepc/pim.sops.yaml"];
          name = "keys.txt";
          destDir = "/home/pim/.config/sops/age";
          user = "pim";
--- a/machines/sue/configuration.nix
+++ b/machines/sue/configuration.nix
@ -35,7 +35,7 @@ in {
        };

        pim-sops-age-key = {
-          keyCommand = ["sudo" sops "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/sue/pim.sops.yaml"];
+          keyCommand = [sops "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/sue/pim.sops.yaml"];
          name = "keys.txt";
          destDir = "/home/pim/.config/sops/age";
          user = "pim";