sops: decrypt secrets AFTER /nix/ssh has been mounted

2022-06-30 01:30:58 -07:00
parent 1098c66e8d
commit 9123c98595
1 changed files with 7 additions and 0 deletions
--- a/modules/impermanence.nix
+++ b/modules/impermanence.nix
@@ -102,6 +102,13 @@ in
        # { file = "/home/test2"; persistentStoragePath = "/nix/persist"; }
      ];
    };
+
+    systemd.services.sane-sops = {
+      description = "sops relies on /etc/ssh being available, so re-run its activation AFTER fs-local";
+      script = config.system.activationScripts.setupSecrets.text;
+      after = [ "fs-local.target" ];
+      wantedBy = [ "multi-user.target" ];
+    };
  };
 }