feat: works with sysuser

ryantm · Apr 6, 2024 · b4923d7 · b4923d7
1 parent 1381a75
commit b4923d7
Showing 1 changed file with 24 additions and 1 deletion.
diff --git a/modules/age.nix b/modules/age.nix
@@ -14,6 +14,8 @@ with lib; let
 
   users = config.users.users;
 
+  sysusersEnabled = options.systemd ? sysusers;
+
   mountCommand =
     if isDarwin
     then ''
@@ -262,7 +264,28 @@ in {
       ];
     }
 
-    (optionalAttrs (!isDarwin) {
+    (optionalAttrs sysusersEnabled {
+      # When using sysusers we no longer be started as an activation script because those
+      # are started in initrd while sysusers is started later.
+      systemd.services.agenix-install-secrets = {
+        wantedBy = ["sysinit.target"];
+        after = ["systemd-sysusers.service"];
+        unitConfig.DefaultDependencies = "no";
+
+        serviceConfig = {
+          Type = "oneshot";
+          ExecStart = pkgs.writeShellScript "agenix-install" (
+            builtins.concatStringsSep "\n" [
+              newGeneration
+              installSecrets
+              chownSecrets
+            ]
+          );
+          RemainAfterExit = true;
+        };
+      };
+    })
+    (optionalAttrs (!isDarwin && !sysusersEnabled) {
       # Create a new directory full of secrets for symlinking (this helps
       # ensure removed secrets are actually removed, or at least become
       # invalid symlinks).