fix(sops): use NixOS system module on WSL to avoid systemd user service failure
+22
-7
@@ -1,7 +1,22 @@
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
sops = {
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
isDarwin = pkgs.stdenv.isDarwin;
|
||||
|
||||
# On Darwin, sops secrets are managed by the home-manager module;
|
||||
# on NixOS, they are managed by the system module → /run/secrets/<name>.
|
||||
secretPath = name: if isDarwin then config.sops.secrets.${name}.path else "/run/secrets/${name}";
|
||||
in
|
||||
{
|
||||
# sops home-manager config — Darwin only
|
||||
# NixOS uses the system-level module (modules/nixos/secrets.nix)
|
||||
# to avoid systemd user service issues on WSL.
|
||||
sops = lib.mkIf isDarwin {
|
||||
age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
|
||||
defaultSopsFile = ../secrets/secrets.yaml;
|
||||
defaultSopsFormat = "yaml";
|
||||
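Review bot: `secretPath` hard-codes `/run/secrets/${name}` for the NixOS branch, so the home-manager side silently diverges from where the system module actually places a secret if the symlink path is ever changed or a secret is renamed, and the `test -r` guard in the fish block of the next hunk turns that into an env var that is quietly never set rather than an evaluation error. Because home-manager is loaded as a NixOS/darwin module in this same commit, the `osConfig` module argument (available in current home-manager releases, as far as I recall) carries the system configuration, so the path can be read from the declaring module instead: add `osConfig ? null,` to the argument set and use `secretPath = name: if isDarwin then config.sops.secrets.${name}.path else osConfig.sops.secrets.${name}.path;`. That also makes a typo in a secret name fail at eval time instead of at shell start.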
@@ -29,10 +44,10 @@
|
||||
programs.fish.interactiveShellInit = ''
|
||||
# sops-nix secrets → env vars
|
||||
for pair in \
|
||||
AI_GATEWAY_BASE_URL:${config.sops.secrets.ai_gateway_base_url.path} \
|
||||
AI_GATEWAY_API_KEY:${config.sops.secrets.ai_gateway_api_key.path} \
|
||||
EXA_API_KEY:${config.sops.secrets.exa_api_key.path} \
|
||||
CONTEXT7_API_KEY:${config.sops.secrets.context7_api_key.path}
|
||||
AI_GATEWAY_BASE_URL:${secretPath "ai_gateway_base_url"} \
|
||||
AI_GATEWAY_API_KEY:${secretPath "ai_gateway_api_key"} \
|
||||
EXA_API_KEY:${secretPath "exa_api_key"} \
|
||||
CONTEXT7_API_KEY:${secretPath "context7_api_key"}
|
||||
set -l parts (string split : $pair)
|
||||
if test -r $parts[2]
|
||||
set -gx $parts[1] (cat $parts[2])
|
||||
|
||||
+11
-4
@@ -4,7 +4,12 @@ let
|
||||
inherit (inputs.nixpkgs) lib;
|
||||
|
||||
# Shared home-manager configuration block
|
||||
homeManagerConfig = username: {
|
||||
homeManagerConfig =
|
||||
{
|
||||
username,
|
||||
sharedModules ? [ ],
|
||||
}:
|
||||
{
|
||||
home-manager = {
|
||||
useGlobalPkgs = true;
|
||||
useUserPackages = true;
|
||||
@@ -12,7 +17,8 @@ let
|
||||
sharedModules = [
|
||||
inputs.sops-nix.homeManagerModules.sops
|
||||
inputs.lazyvim.homeManagerModules.default
|
||||
];
|
||||
]
|
||||
++ sharedModules;
|
||||
extraSpecialArgs = {
|
||||
inherit inputs username;
|
||||
};
|
||||
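Review bot: `inputs.sops-nix.homeManagerModules.sops` stays in the unconditional `sharedModules` list, so the home-manager sops module is still evaluated on NixOS even though the commit moves its configuration to the system module; that is presumably intentional, since the `sops.*` options must exist for the `lib.mkIf isDarwin` in the home-manager file to evaluate, but a one-line comment there, `# kept on NixOS so the sops.* options exist; its config is Darwin-only`, would spare the next reader from re-deriving it. Separately, the `sharedModules ? [ ]` parameter introduced in the previous hunk is passed by neither call site in this diff (both use `{ inherit username; }`), so unless a caller outside this diff supplies it, it is dead in this commit.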
@@ -39,7 +45,8 @@ in
|
||||
../modules/nixos
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
inputs.catppuccin.nixosModules.catppuccin
|
||||
(homeManagerConfig username)
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
(homeManagerConfig { inherit username; })
|
||||
{ networking.hostName = hostname; }
|
||||
]
|
||||
++ extraModules;
|
||||
@@ -62,7 +69,7 @@ in
|
||||
../modules/shared
|
||||
../modules/darwin
|
||||
inputs.home-manager.darwinModules.home-manager
|
||||
(homeManagerConfig username)
|
||||
(homeManagerConfig { inherit username; })
|
||||
{ networking.hostName = hostname; }
|
||||
]
|
||||
++ extraModules;
|
||||
|
||||
@@ -5,6 +5,7 @@
|
||||
./base.nix
|
||||
./docker.nix
|
||||
./locale.nix
|
||||
./secrets.nix
|
||||
];
|
||||
|
||||
# ── Default shell ──────────────────────────────────
|
||||
|
||||
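--- /dev/null
+++ b/modules/nixos/secrets.nix
@@ -0,0 +1,28 @@
+{ username, ... }:
+
+{
+# ── sops (system-level) ─────────────────────────────
+# Use NixOS module instead of home-manager module to avoid
+# systemd user service issues on WSL.
+# Secrets are placed in /run/secrets/<name>.
+sops = {
+age.sshKeyPaths = [ "/home/${username}/.ssh/id_ed25519" ];
+defaultSopsFile = ../../secrets/secrets.yaml;
+defaultSopsFormat = "yaml";
+
+secrets = {
+ai_gateway_base_url = {
+owner = username;
+};
+ai_gateway_api_key = {
+owner = username;
+};
+exa_api_key = {
+owner = username;
+};
+context7_api_key = {
+owner = username;
+};
+};
+};
+}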
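Review bot: `age.sshKeyPaths` points the system-level sops-nix module at a user login key under a hard-coded `/home/${username}` path, so root-run activation now depends on that user's private SSH key existing at that exact location, and decryption of host secrets is tied to an interactive account's key rather than to the machine. For per-user API keys that may be acceptable, but the NixOS module is conventionally fed the host key (`/etc/ssh/ssh_host_ed25519_key`); if the WSL image lacks a host key and this is deliberate, a comment saying so would help. At minimum take the home directory from the system configuration instead of assuming `/home`: add `config` to the module arguments and use `age.sshKeyPaths = [ "${config.users.users.${username}.home}/.ssh/id_ed25519" ];`. The four `secrets` entries set only `owner`, so file mode and group fall back to sops-nix defaults (owner-read-only, as far as I recall); if that is the intended contract, state it in the comment block above `sops = {`.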