Fix occasional sops-nix error

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-01-05 08:24:36 +02:00
parent cddf5f019f
commit f8e94f146b
3 changed files with 36 additions and 32 deletions


@@ -91,9 +91,9 @@ in
'';
};
_path = mkOption {
path = mkOption {
type = str;
internal = true;
readOnly = true;
default = name;
};
@@ -102,9 +102,9 @@ in
internal = true;
};
_source = mkOption {
source = mkOption {
type = str;
internal = true;
readOnly = true;
};
_targetRoot = mkOption {
@@ -112,9 +112,9 @@ in
internal = true;
};
_target = mkOption {
target = mkOption {
type = str;
internal = true;
readOnly = true;
};
};
}
@@ -129,18 +129,18 @@ in
builtins.mapAttrs (
_: config:
let
_path = config._path;
path = config.path;
_sourceRoot = persistence;
_source = mergePaths [
source = mergePaths [
_sourceRoot
_path
path
];
_targetRoot =
let
parents = lists.reverseList (parentsOf _path);
parents = lists.reverseList (parentsOf path);
in
lists.foldl' (
acc: parent:
@@ -152,21 +152,21 @@ in
acc
) "/" parents;
_target = mergePaths [
target = mergePaths [
_targetRoot
_path
path
];
in
config
// {
inherit
_sourceRoot
_source
source
_targetRoot
_target
target
;
service = "${utils.escapeSystemdPath _target}.service";
mount = "${utils.escapeSystemdPath _target}.mount";
service = "${utils.escapeSystemdPath target}.service";
mount = "${utils.escapeSystemdPath target}.mount";
}
) items
) ps;
@@ -184,14 +184,14 @@ in
systemd = {
mounts = builtins.map (c: {
description = c._path;
description = c.path;
requiredBy = [ "local-fs.target" ];
requires = [ c.service ];
bindsTo = [ c.service ];
after = [ c.service ];
unitConfig.ConditionPathExists = [ (lib.strings.escape [ " " ] c._source) ];
what = c._source;
where = c._target;
unitConfig.ConditionPathExists = [ (lib.strings.escape [ " " ] c.source) ];
what = c.source;
where = c.target;
options = lib.strings.concatStringsSep "," ([
"bind"
"X-fstrim.notrim"
@@ -201,9 +201,9 @@ in
services = builtins.listToAttrs (
builtins.map (c: {
name = utils.escapeSystemdPath c._target;
name = utils.escapeSystemdPath c.target;
value = {
description = c._path;
description = c.path;
after = [ "local-fs-pre.target" ];
requiredBy = [
"local-fs.target"
@@ -227,14 +227,14 @@ in
script = ''
source=${lib.strings.escapeShellArg c._sourceRoot}
target=${lib.strings.escapeShellArg c._targetRoot}
path=${lib.strings.escapeShellArg c._path}
path=${lib.strings.escapeShellArg c.path}
${builtins.readFile ./scripts/start.sh}
'';
preStop = ''
source=${lib.strings.escapeShellArg c._sourceRoot}
target=${lib.strings.escapeShellArg c._targetRoot}
path=${lib.strings.escapeShellArg c._path}
path=${lib.strings.escapeShellArg c.path}
${builtins.readFile ./scripts/stop.sh}
'';
@@ -245,7 +245,7 @@ in
assertions =
let
paths = builtins.map (c: c._path) all;
paths = builtins.map (c: c.path) all;
duplicates = lib.lists.filter (t: lib.lists.count (o: o == t) paths > 1) (lib.lists.unique paths);
in
[
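Review bot: In the `script` and `preStop` assignments the shell variables now read differently from the Nix attributes of the same name: `source=` and `target=` are still filled from `c._sourceRoot` and `c._targetRoot`, while after this rename `c.source` and `c.target` are the full merged paths used for `what` and `where`. A later cleanup that swaps in `c.source` would pass start.sh and stop.sh a different directory than they were written for, and those scripts are not visible here to confirm what they do with it. I would add a Nix comment above both strings, e.g. `# shell source/target hold the roots (_sourceRoot/_targetRoot), not c.source/c.target`, or rename the shell variables together with the scripts. The service definition holding these strings starts and ends outside the hunks shown.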


@@ -1,4 +1,9 @@
{ inputs, pkgs, ... }:
{
config,
inputs,
pkgs,
...
}:
{
imports = [ inputs.sops-nix.nixosModules.sops ];
@@ -9,7 +14,7 @@
sops.age = {
generateKey = true;
sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
sshKeyPaths = [ config.environment.persistence."/persist"."/etc/ssh/ssh_host_ed25519_key".source ];
keyFile = "/var/lib/sops-nix/key.txt";
};
}
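Review bot: The new `sshKeyPaths` entry carries no comment saying why sops-nix has to read the host key from the persistence source instead of `/etc/ssh`; the commit title suggests an ordering problem with the bind mount, but that is only inferred from this page. A line such as `# read the key from the persisted source; the /etc/ssh bind mount may not exist yet when secrets are decrypted` would keep a later edit from restoring the literal path. Since this is the private key sops-nix uses for decryption, it is also worth recording that the lookup now fails evaluation if the persistence entry is removed or renamed, which is the safer outcome compared with a stale hard-coded path.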