commit bdc1fc0b3d820df32e7f68a0768abb6c178f45ae
parent 98c8cad5e6f14d122c840c3fa7552255f9501ec6
Author: Katja Ramona Sophie Kwast (zaphyra) <git@zaphyra.eu>
Date: Tue, 19 Aug 2025 12:12:58 +0200
parent 98c8cad5e6f14d122c840c3fa7552255f9501ec6
Author: Katja Ramona Sophie Kwast (zaphyra) <git@zaphyra.eu>
Date: Tue, 19 Aug 2025 12:12:58 +0200
config/nixos/modules/services/openssh: start `sops-install-secrets` _after_ after`/nix/persist` got mounted
1 file changed, 2 insertions(+), 0 deletions(-)
diff --git a/config/nixos/modules/services/openssh.nix b/config/nixos/modules/services/openssh.nix @@ -36,6 +36,8 @@ in }; }; + systemd.services.sops-install-secrets.after = lib.mkIf config.modules.filesystem.impermanence.system.enable [ "nix-persist.mount" ]; + # this is required because the secrets need to be decryped before the users get created # but the impermanence bind-mounts get created _after_ the user creation... sops.age.sshKeyPaths = [