Fix occasional sops-nix error

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-01-05 08:24:36 +02:00
parent cddf5f019f
commit f8e94f146b
3 changed files with 36 additions and 32 deletions


@@ -91,9 +91,9 @@ in
''; '';
}; };
_path = mkOption { path = mkOption {
type = str; type = str;
internal = true; readOnly = true;
default = name; default = name;
}; };
@@ -102,9 +102,9 @@ in
internal = true; internal = true;
}; };
_source = mkOption { source = mkOption {
type = str; type = str;
internal = true; readOnly = true;
}; };
_targetRoot = mkOption { _targetRoot = mkOption {
@@ -112,9 +112,9 @@ in
internal = true; internal = true;
}; };
_target = mkOption { target = mkOption {
type = str; type = str;
internal = true; readOnly = true;
}; };
}; };
} }
@@ -129,18 +129,18 @@ in
builtins.mapAttrs ( builtins.mapAttrs (
_: config: _: config:
let let
_path = config._path; path = config.path;
_sourceRoot = persistence; _sourceRoot = persistence;
_source = mergePaths [ source = mergePaths [
_sourceRoot _sourceRoot
_path path
]; ];
_targetRoot = _targetRoot =
let let
parents = lists.reverseList (parentsOf _path); parents = lists.reverseList (parentsOf path);
in in
lists.foldl' ( lists.foldl' (
acc: parent: acc: parent:
@@ -152,21 +152,21 @@ in
acc acc
) "/" parents; ) "/" parents;
_target = mergePaths [ target = mergePaths [
_targetRoot _targetRoot
_path path
]; ];
in in
config config
// { // {
inherit inherit
_sourceRoot _sourceRoot
_source source
_targetRoot _targetRoot
_target target
; ;
service = "${utils.escapeSystemdPath _target}.service"; service = "${utils.escapeSystemdPath target}.service";
mount = "${utils.escapeSystemdPath _target}.mount"; mount = "${utils.escapeSystemdPath target}.mount";
} }
) items ) items
) ps; ) ps;
@@ -184,14 +184,14 @@ in
systemd = { systemd = {
mounts = builtins.map (c: { mounts = builtins.map (c: {
description = c._path; description = c.path;
requiredBy = [ "local-fs.target" ]; requiredBy = [ "local-fs.target" ];
requires = [ c.service ]; requires = [ c.service ];
bindsTo = [ c.service ]; bindsTo = [ c.service ];
after = [ c.service ]; after = [ c.service ];
unitConfig.ConditionPathExists = [ (lib.strings.escape [ " " ] c._source) ]; unitConfig.ConditionPathExists = [ (lib.strings.escape [ " " ] c.source) ];
what = c._source; what = c.source;
where = c._target; where = c.target;
options = lib.strings.concatStringsSep "," ([ options = lib.strings.concatStringsSep "," ([
"bind" "bind"
"X-fstrim.notrim" "X-fstrim.notrim"
@@ -201,9 +201,9 @@ in
services = builtins.listToAttrs ( services = builtins.listToAttrs (
builtins.map (c: { builtins.map (c: {
name = utils.escapeSystemdPath c._target; name = utils.escapeSystemdPath c.target;
value = { value = {
description = c._path; description = c.path;
after = [ "local-fs-pre.target" ]; after = [ "local-fs-pre.target" ];
requiredBy = [ requiredBy = [
"local-fs.target" "local-fs.target"
@@ -227,14 +227,14 @@ in
script = '' script = ''
source=${lib.strings.escapeShellArg c._sourceRoot} source=${lib.strings.escapeShellArg c._sourceRoot}
target=${lib.strings.escapeShellArg c._targetRoot} target=${lib.strings.escapeShellArg c._targetRoot}
path=${lib.strings.escapeShellArg c._path} path=${lib.strings.escapeShellArg c.path}
${builtins.readFile ./scripts/start.sh} ${builtins.readFile ./scripts/start.sh}
''; '';
preStop = '' preStop = ''
source=${lib.strings.escapeShellArg c._sourceRoot} source=${lib.strings.escapeShellArg c._sourceRoot}
target=${lib.strings.escapeShellArg c._targetRoot} target=${lib.strings.escapeShellArg c._targetRoot}
path=${lib.strings.escapeShellArg c._path} path=${lib.strings.escapeShellArg c.path}
${builtins.readFile ./scripts/stop.sh} ${builtins.readFile ./scripts/stop.sh}
''; '';
@@ -245,7 +245,7 @@ in
assertions = assertions =
let let
paths = builtins.map (c: c._path) all; paths = builtins.map (c: c.path) all;
duplicates = lib.lists.filter (t: lib.lists.count (o: o == t) paths > 1) (lib.lists.unique paths); duplicates = lib.lists.filter (t: lib.lists.count (o: o == t) paths > 1) (lib.lists.unique paths);
in in
[ [
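Review bot: `path`, `source` and `target` stop being `internal` here and are read by other modules (the sops configuration in this commit uses `.source`), yet none of the three declarations carries a `description`, so the new public attributes are undocumented. Something like `description = "Absolute location of this entry inside the persistent store (computed).";` on `source`, with matching text on `path` and `target`, would state the contract consumers rely on. `source` and `target` are also declared `readOnly` without a `default`, and the values visible in the `@@ -129` hunk are attached with `//` rather than defined as option values, so it is worth confirming that a user-supplied `source` is rejected rather than silently overwritten. The surrounding option set starts outside the hunk.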


@@ -1,4 +1,9 @@
{ inputs, pkgs, ... }: {
config,
inputs,
pkgs,
...
}:
{ {
imports = [ inputs.sops-nix.nixosModules.sops ]; imports = [ inputs.sops-nix.nixosModules.sops ];
@@ -9,7 +14,7 @@
sops.age = { sops.age = {
generateKey = true; generateKey = true;
sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ]; sshKeyPaths = [ config.environment.persistence."/persist"."/etc/ssh/ssh_host_ed25519_key".source ];
keyFile = "/var/lib/sops-nix/key.txt"; keyFile = "/var/lib/sops-nix/key.txt";
}; };
} }
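Review bot: The lookup at `sshKeyPaths` deserves a short comment saying why the host key is read from the persistence entry's `.source` and not from `/etc/ssh/ssh_host_ed25519_key`; presumably secrets can be decrypted before the bind mount is in place, which the commit title hints at but the code does not say. A line such as `# Use the path inside the persistent store: the bind mount onto /etc/ssh may not exist yet when secrets are decrypted.` would do. `keyFile` stays the literal `/var/lib/sops-nix/key.txt` with `generateKey = true`. If that directory is not persisted (not visible in this section), a fresh key would presumably be generated on each boot and only the SSH-derived identity could decrypt existing secrets, so confirm that is intended.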


@@ -9,10 +9,9 @@
home-manager.users.${user} = { home-manager.users.${user} = {
imports = [ inputs.sops-nix.homeManagerModules.sops ]; imports = [ inputs.sops-nix.homeManagerModules.sops ];
sops.age.keyFile = "${home}/.config/sops-nix/key.txt"; sops.age.keyFile =
home.sessionVariables.SOPS_AGE_KEY_FILE = "${home}/.config/sops-nix/key.txt"; config.environment.persistence."/persist"."${home}/.config/sops-nix/key.txt".source;
systemd.user.services.sops-nix.Unit.After = [ home.sessionVariables.SOPS_AGE_KEY_FILE =
config.environment.persistence."/persist"."${home}/.config/sops-nix/key.txt".mount config.environment.persistence."/persist"."${home}/.config/sops-nix/key.txt".source;
];
}; };
} }
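Review bot: The user's age private key is now reached through the persistent store path instead of the bind mount under `${home}`, so whether the user service can read it, and who else can, depends on the ownership and modes of the directories under `/persist`, which nothing in this section sets or asserts. It would help to confirm that the persisted `key.txt` is owner-only and that its parent directories are traversable by that user. The same lookup is also written twice; binding it once, `let ageKeyFile = config.environment.persistence."/persist"."${home}/.config/sops-nix/key.txt".source; in`, and using `ageKeyFile` for both `sops.age.keyFile` and `SOPS_AGE_KEY_FILE` keeps the two from drifting. The enclosing module starts outside the hunk.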