fixed sops not decrypting at boot

2025-12-10 00:43:56 -05:00 · 2023-03-12 18:01:35 -04:00 · 2023-03-12 18:01:35 -04:00 · 04f7e566b4
commit 04f7e566b4
parent ca82a01644
2 changed files with 4 additions and 8 deletions
--- a/modules/sops.nix
+++ b/modules/sops.nix
@ -2,7 +2,6 @@
  pkgs,
  self,
  config,
-  lib,
  ...
 }: {
  imports = [
@ -13,6 +12,6 @@
  ];
  sops = {
    defaultSopsFile = "${self}/systems/${config.networking.hostName}/secrets.yaml";
-    age.sshKeyPaths = lib.mkForce ["/etc/ssh/ssh_host_ed25519_key"];
+    age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
  };
 }
--- a/systems/gerg-desktop/erase-your-darlings.nix
+++ b/systems/gerg-desktop/erase-your-darlings.nix
@ -6,13 +6,10 @@ _: {lib, ...}: {
    "L+ /etc/nixos - - - - /persist/nixos"
  ];
  boot.initrd.postDeviceCommands = lib.mkAfter ''
-    zfs snapshot destroy rpool/root@prev
-    zfs snapshot destroy rpool/var@prev
-
-    zfs snapshot create rpool/root@prev
-    zfs snapshot create rpool/var@prev
-
    zfs rollback -r rpool/root@empty
    zfs rollback -r rpool/var@empty
  '';
+  #make sure the sopskey is found
+  sops.age.sshKeyPaths = lib.mkForce ["/persist/ssh/ssh_host_ed25519_key"];
+  fileSystems."/persist".neededForBoot = true;
 }