From a86f04314f535ff2f9938167d552cdec8ec3251b Mon Sep 17 00:00:00 2001
From: jobs62
Date: Thu, 28 Nov 2024 16:38:51 +0100
Subject: [PATCH] try fixing templates on home-manager

---
 modules/home-manager/sops.nix | 1 +
 modules/home-manager/templates.nix | 8 +++++---
 pkgs/sops-install-secrets/main.go | 6 +++++-
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/modules/home-manager/sops.nix b/modules/home-manager/sops.nix
index 68ca8422..575c5fc4 100644
--- a/modules/home-manager/sops.nix
+++ b/modules/home-manager/sops.nix
@@ -99,6 +99,7 @@ let
 sshKeyPaths = cfg.gnupg.sshKeyPaths;
 ageKeyFile = cfg.age.keyFile;
 ageSshKeyPaths = cfg.age.sshKeyPaths;
+ placeholderBySecretName = cfg.placeholder;
 userMode = true;
 logging = {
 keyImport = builtins.elem "keyImport" cfg.log;
diff --git a/modules/home-manager/templates.nix b/modules/home-manager/templates.nix
index c64802a1..460f2742 100644
--- a/modules/home-manager/templates.nix
+++ b/modules/home-manager/templates.nix
@@ -12,6 +12,8 @@ let
 mapAttrs
 types
 ;
+
+ hmConfig = config;
 in
 {
 options.sops = {
@@ -33,7 +35,7 @@ in
 description = "Path where the rendered file will be placed";
 type = types.singleLineStr;
 # Keep this in sync with `RenderedSubdir` in `pkgs/sops-install-secrets/main.go`
- default = "${config.xdg.configHome}/sops-nix/secrets/rendered/${config.name}";
+ default = "${hmConfig.xdg.configHome}/sops-nix/secrets/rendered/${config.name}";
 };
 content = mkOption {
 type = types.lines;
@@ -97,10 +99,10 @@ in
 };
 
 config = lib.optionalAttrs (options ? sops.secrets) (
- lib.mkIf (config.sops.templates != { }) {
+ lib.mkIf (hmConfig.sops.templates != { }) {
 sops.placeholder = mapAttrs (
 name: _: mkDefault ""
- ) config.sops.secrets;
+ ) hmConfig.sops.secrets;
 }
 );
 }
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index 280df4c9..36b52f00 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
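Review bot: The new binding `hmConfig = config;` in modules/home-manager/templates.nix (hunk at -12,6) has no comment saying why the alias exists. The -33,7 hunk then uses `hmConfig.xdg.configHome` and `config.name` on the same line, which a later cleanup could easily collapse back into one name. It looks as if `config` inside the template submodule refers to the template itself, so the alias is what keeps the outer home-manager configuration reachable for the path where rendered secret files are placed. If that is right, a line such as `# Outer home-manager config: inside the templates submodule, config is the template itself.` above the binding would record it. The `let` block begins outside the hunk.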
@@ -698,7 +698,11 @@ func (app *appContext) validateManifest() error {
 // The Nix module only defines placeholders for secrets if there are
 // templates.
 if len(m.Templates) > 0 {
- placeholder := m.PlaceholderBySecretName[secret.Name]
+ placeholder, present := m.PlaceholderBySecretName[secret.Name]
+ if !present {
+ return fmt.Errorf("placeholder for %s not fount in manifest", secret.Name)
+ }
+
 app.secretByPlaceholder[placeholder] = secret
 }
 }
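Review bot: The added `present` check still accepts a placeholder that is present but empty, or one that two secrets share. In either case `app.secretByPlaceholder[placeholder] = secret` silently overwrites the earlier entry, so a template could end up rendered with a different secret than intended. Consider `if !present || placeholder == "" {` and, before the assignment, `if _, dup := app.secretByPlaceholder[placeholder]; dup { return fmt.Errorf("duplicate placeholder for %q", secret.Name) }`. The new error string also has a typo and would be clearer with quoting: `"placeholder for %q not found in manifest"`. validateManifest begins and ends outside this hunk, so whether such values are rejected elsewhere cannot be seen from here.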