commit 79e2a62da116cd93f5f4ba3b2f389a80a84b3e0c
parent fd250bee508df8968da69be966782aaf866edaef
Author: Katja Ramona Sophie Kwast (zaphyra) <git@zaphyra.eu>
Date: Tue, 19 Aug 2025 12:12:58 +0200
parent fd250bee508df8968da69be966782aaf866edaef
Author: Katja Ramona Sophie Kwast (zaphyra) <git@zaphyra.eu>
Date: Tue, 19 Aug 2025 12:12:58 +0200
config/nixos/modules/services/openssh: start `sops-install-secrets` _after_ after`/nix/persist` got mounted
1 file changed, 2 insertions(+), 0 deletions(-)
diff --git a/config/nixos/modules/services/openssh.nix b/config/nixos/modules/services/openssh.nix @@ -36,6 +36,8 @@ in }; }; + systemd.services.sops-install-secrets.after = lib.mkIf config.modules.filesystem.impermanence.system.enable [ "nix-persist.mount" ]; + # this is required because the secrets need to be decryped before the users get created # but the impermanence bind-mounts get created _after_ the user creation... sops.age.sshKeyPaths = [