mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-14 11:57:52 +00:00

home-manager/darwin: run sops-nix-user _once_ on login or activation

Correct a bug where 'KeepAlive' in the launchd service
'org.nix-community.home.sops-nix.plist'
re-runs 'sops-nix-user' every few seconds.

This should run:

- once at boot
- once at home-manager profile activation

Signed-off-by: Sirio Balmelli <sirio@b-ad.ch>
Sirio Balmelli 2024-02-13 17:06:49 +01:00 committed by Jörg Thalheim
parent 695275c349
commit 48afd3264e


@ -244,18 +244,27 @@ in {
Install.WantedBy = if cfg.gnupg.home != null then [ "graphical-session-pre.target" ] else [ "default.target" ]; Install.WantedBy = if cfg.gnupg.home != null then [ "graphical-session-pre.target" ] else [ "default.target" ];
}; };
# Darwin: load secrets once on login
launchd.agents.sops-nix = { launchd.agents.sops-nix = {
enable = true; enable = true;
config = { config = {
ProgramArguments = [ script ]; Program = script;
KeepAlive = { KeepAlive = false;
Crashed = false; RunAtLoad = true;
SuccessfulExit = false;
};
ProcessType = "Background";
StandardOutPath = "${config.home.homeDirectory}/Library/Logs/SopsNix/stdout"; StandardOutPath = "${config.home.homeDirectory}/Library/Logs/SopsNix/stdout";
StandardErrorPath = "${config.home.homeDirectory}/Library/Logs/SopsNix/stderr"; StandardErrorPath = "${config.home.homeDirectory}/Library/Logs/SopsNix/stderr";
}; };
}; };
# darwin: [re]load secrets on home-manager activation
home.activation = lib.mkIf pkgs.stdenv.hostPlatform.isDarwin {
sops-nix = let
domain-target = "gui/$(id -u ${config.home.username})";
in ''
/bin/launchctl bootout ${domain-target}/org.nix-community.home.sops-nix && true
/bin/launchctl bootstrap ${domain-target} ${config.home.homeDirectory}/Library/LaunchAgents/org.nix-community.home.sops-nix.plist
'';
};
}; };
} }
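Review bot: The new `home.activation.sops-nix` entry is a bare string, so nothing visible in this hunk orders it relative to the home-manager step that writes the plist into `~/Library/LaunchAgents`. If it runs before that step, `launchctl bootstrap` acts on a missing or stale plist and the secrets are not reloaded with the new configuration. Consider wrapping the script as `lib.hm.dag.entryAfter [ "setupLaunchAgents" ] ''…''`, after confirming the entry name against the home-manager version in use. The `bootout … && true` line presumably exists to tolerate an agent that is not yet loaded; `|| true` states that intent directly. Both `launchctl` calls also appear to run unguarded in a dry-run activation, and the interpolated `${config.home.homeDirectory}` path is unquoted, so a home directory containing whitespace would break the `bootstrap` argument.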