From fa8035c073c3f4de07a0e5668be34b1869e51bf9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Thu, 14 Mar 2024 14:29:58 +0100
Subject: [PATCH] use gnupg binary also now for ssh rsa keys

With the last sops bump, our gpg keys are no longer detected by sops without it
---
 modules/sops/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/sops/default.nix b/modules/sops/default.nix
index 255e73a..3d361c1 100644
--- a/modules/sops/default.nix
+++ b/modules/sops/default.nix
@@ -312,7 +312,7 @@ in {
 }]) cfg.secrets)
 );

- sops.environment.SOPS_GPG_EXEC = lib.mkIf (cfg.gnupg.home != null) (lib.mkDefault "${pkgs.gnupg}/bin/gpg");
+ sops.environment.SOPS_GPG_EXEC = lib.mkIf (cfg.gnupg.home != null || cfg.gnupg.sshKeyPaths != []) (lib.mkDefault "${pkgs.gnupg}/bin/gpg");

 # When using sysusers we no longer be started as an activation script because those are started in initrd while sysusers is started later.
 systemd.services.sops-install-secrets = lib.mkIf (regularSecrets != { } && sysusersEnabled) {
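Review bot: The reason for the widened condition on the `SOPS_GPG_EXEC` assignment is recorded only in the commit message, so a later reader of `modules/sops/default.nix` cannot tell why a non-empty `cfg.gnupg.sshKeyPaths` needs gpg. I would add a comment directly above the assignment, for example `# ssh rsa keys are used as gpg keys, so sops needs the gpg binary for them as well as for gnupg.home`. The same comment could say that the value is an absolute store path, which keeps sops from resolving `gpg` through PATH while it decrypts secrets, and that `lib.mkDefault` leaves it overridable. If `sshKeyPaths` can be non-empty by default (its option definition is not visible here), the change also adds `pkgs.gnupg` to the closure of hosts that never set `gnupg.home`, which is worth confirming. The enclosing attribute set starts and ends outside the hunk.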