diff --git a/modules/sops/default.nix b/modules/sops/default.nix index 255e73a..3d361c1 100644 --- a/modules/sops/default.nix +++ b/modules/sops/default.nix @@ -312,7 +312,7 @@ in { }]) cfg.secrets) ); - sops.environment.SOPS_GPG_EXEC = lib.mkIf (cfg.gnupg.home != null) (lib.mkDefault "${pkgs.gnupg}/bin/gpg"); + sops.environment.SOPS_GPG_EXEC = lib.mkIf (cfg.gnupg.home != null || cfg.gnupg.sshKeyPaths != []) (lib.mkDefault "${pkgs.gnupg}/bin/gpg"); # When using sysusers we no longer be started as an activation script because those are started in initrd while sysusers is started later. systemd.services.sops-install-secrets = lib.mkIf (regularSecrets != { } && sysusersEnabled) {