try fixing templates on home-manager

Mic92 · Nov 28, 2024 · a86f043 · a86f043
1 parent 3433ea1
commit a86f043
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 4 deletions.
diff --git a/modules/home-manager/sops.nix b/modules/home-manager/sops.nix
@@ -99,6 +99,7 @@ let
         sshKeyPaths = cfg.gnupg.sshKeyPaths;
         ageKeyFile = cfg.age.keyFile;
         ageSshKeyPaths = cfg.age.sshKeyPaths;
+        placeholderBySecretName = cfg.placeholder;
         userMode = true;
         logging = {
           keyImport = builtins.elem "keyImport" cfg.log;

diff --git a/modules/home-manager/templates.nix b/modules/home-manager/templates.nix
@@ -12,6 +12,8 @@ let
     mapAttrs
     types
     ;
+
+  hmConfig = config;
 in
 {
   options.sops = {
@@ -33,7 +35,7 @@ in
                 description = "Path where the rendered file will be placed";
                 type = types.singleLineStr;
                 # Keep this in sync with `RenderedSubdir` in `pkgs/sops-install-secrets/main.go`
-                default = "${config.xdg.configHome}/sops-nix/secrets/rendered/${config.name}";
+                default = "${hmConfig.xdg.configHome}/sops-nix/secrets/rendered/${config.name}";
               };
               content = mkOption {
                 type = types.lines;
@@ -97,10 +99,10 @@ in
   };
 
   config = lib.optionalAttrs (options ? sops.secrets) (
-    lib.mkIf (config.sops.templates != { }) {
+    lib.mkIf (hmConfig.sops.templates != { }) {
       sops.placeholder = mapAttrs (
         name: _: mkDefault "<SOPS:${builtins.hashString "sha256" name}:PLACEHOLDER>"
-      ) config.sops.secrets;
+      ) hmConfig.sops.secrets;
     }
   );
 }
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
@@ -698,7 +698,11 @@ func (app *appContext) validateManifest() error {
 		// The Nix module only defines placeholders for secrets if there are
 		// templates.
 		if len(m.Templates) > 0 {
-			placeholder := m.PlaceholderBySecretName[secret.Name]
+			placeholder, present := m.PlaceholderBySecretName[secret.Name]
+			if !present {
+				return fmt.Errorf("placeholder for %s not fount in manifest", secret.Name)
+			}
+
 			app.secretByPlaceholder[placeholder] = secret
 		}
 	}