pim/nixos-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Use Colmena's experimental flake-eval feature

Browse source 
Don't extract sops keys as root
This commit is contained in:
Pim Kunis 2024-11-30 23:22:16 +01:00
parent 842d2afbc0
commit a29d10e507
5 changed files with 139 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

4
nixos/default.nix
View file

@ -60,12 +60,10 @@
if user == "root"
then "/root"
else "/home/${user}";
maybeSudo = lib.optional (user == "root") "sudo";
sops = lib.getExe pkgs.sops;
in {
name = "${user}-sops-age-key";
value = {
keyCommand = maybeSudo ++ ["nix" "run" "nixpkgs#sops" "--" "--extract" "[\"sops_age_key\"]" "-d" (builtins.toString sopsFile)];
keyCommand = ["nix" "run" "nixpkgs#sops" "--" "--extract" "[\"sops_age_key\"]" "-d" (builtins.toString sopsFile)];
name = "keys.txt";
destDir = "${homeDirectory}/.config/sops/age";
inherit user;