From 4e3f66f703bae28116f39b0ba877e6a4e025aa25 Mon Sep 17 00:00:00 2001 From: pizmovc Date: Fri, 3 Nov 2023 19:39:10 +0100 Subject: [PATCH] Rename passwordFile to hashedPasswordFile This follows the rename that was done in nixpkgs. Reference PR https://github.com/NixOS/nixpkgs/pull/254080 --- README.md | 4 ++-- pkgs/sops-install-secrets/nixos-test.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 82a8dbd..f5ddd59 100644 --- a/README.md +++ b/README.md @@ -569,7 +569,7 @@ lrwxrwxrwx 1 root root 40 Jul 19 22:36 /var/lib/hass/secrets.yaml -> /run/secret ## Setting a user's password sops-nix has to run after NixOS creates users (in order to specify what users own a secret.) -This means that it's not possible to set `users.users..passwordFile` to any secrets managed by sops-nix. +This means that it's not possible to set `users.users..hashedPasswordFile` to any secrets managed by sops-nix. To work around this issue, it's possible to set `neededForUsers = true` in a secret. This will cause the secret to be decrypted to `/run/secrets-for-users` instead of `/run/secrets` before NixOS creates users. As users are not created yet, it's not possible to set an owner for these secrets. @@ -580,7 +580,7 @@ As users are not created yet, it's not possible to set an owner for these secret users.users.mic92 = { isNormalUser = true; - passwordFile = config.sops.secrets.my-password.path; + hashedPasswordFile = config.sops.secrets.my-password.path; }; } ``` diff --git a/pkgs/sops-install-secrets/nixos-test.nix b/pkgs/sops-install-secrets/nixos-test.nix index 78d023d..d96e616 100644 --- a/pkgs/sops-install-secrets/nixos-test.nix +++ b/pkgs/sops-install-secrets/nixos-test.nix @@ -36,7 +36,7 @@ users.users.example-user = { isNormalUser = true; - passwordFile = config.sops.secrets.test_key.path; + hashedPasswordFile = config.sops.secrets.test_key.path; }; };