fix: sops secrets not rendered on boot

also fixes an org-caldav error that required org/appointments.org to exist
2025-12-06 09:07:21 +01:00 · 2024-08-04 11:21:51 +02:00 · 2024-08-04 11:21:51 +02:00 · 40e81f104b
commit 40e81f104b
parent 175078feee
21 changed files with 855 additions and 1141 deletions
--- a/profiles/common/home/packages.nix
+++ b/profiles/common/home/packages.nix
@ -31,6 +31,7 @@
    nixpkgs-fmt
    deadnix
    statix
+    nix-tree

    # local file sharing
    wormhole-rs
--- a/profiles/common/home/sops.nix
+++ b/profiles/common/home/sops.nix
@ -1,8 +1,15 @@
-{ config, ... }:
+{ config, lib, ... }:
+let
+  mkIfElse = p: yes: no: lib.mkMerge [
+    (lib.mkIf p yes)
+    (lib.mkIf (!p) no)
+  ];
+in
 {
  sops = {
    age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
-    defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
+    defaultSopsFile = mkIfElse config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
+
    validateSopsFiles = false;
    secrets = {
      mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; };
--- a/profiles/common/nixos/default.nix
+++ b/profiles/common/nixos/default.nix
@ -25,7 +25,8 @@
    ./login.nix
    ./stylix.nix
    ./power-profiles-daemon.nix
-    ./impermanence.nix
+    # ./impermanence.nix
+    ./nix-ld.nix
  ];

  nix.settings.trusted-users = [ "swarsel" ];
--- a/profiles/common/nixos/impermanence.nix
+++ b/profiles/common/nixos/impermanence.nix
@ -25,7 +25,7 @@

      # We first mount the btrfs root to /mnt
      # so we can manipulate btrfs subvolumes.
-      mount -o subvol=/ /dev/mapper/enc /mnt
+      mount -o subvol=/ /dev/mapper/cryptroot /mnt
      btrfs subvolume list -o /mnt/root

      # While we're tempted to just delete /root and create
@ -58,12 +58,14 @@


  environment.persistence."/persist" = lib.mkIf config.swarselsystems.impermanence {
+    hideMounts = true;
    directories =
      [
        "/.cache/nix/"
        "/srv"
        "/etc/nixos"
        "/etc/nix"
+        "/home/swarsel/.dotfiles"
        "/etc/NetworkManager/system-connections"
        "/etc/secureboot"
        "/var/db/sudo/"
@ -72,8 +74,6 @@
      ];

    files = [
-      # important state
-      "/etc/machine-id"
      # ssh stuff
      /*
      "/etc/ssh/ssh_host_ed25519_key"
--- a/profiles/common/nixos/sops.nix
+++ b/profiles/common/nixos/sops.nix
@ -1,9 +1,16 @@
-{ config, ... }:
+{ config, lib, ... }:
+let
+  mkIfElse = p: yes: no: lib.mkMerge [
+    (lib.mkIf p yes)
+    (lib.mkIf (!p) no)
+  ];
+in
 {
  sops = {

    age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ];
-    defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
+    defaultSopsFile = mkIfElse config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
+
    validateSopsFiles = false;

    secrets = {