My nix-darwin and NixOS config
fix: declare sharkey user statically
+9
+9
modules/server/sharkey.nix
+9
modules/server/sharkey.nix
···
37
37
in
38
38
lib.mkIf cfg.services.sharkey.enable {
39
39
40
+
# Declare the sharkey user/group statically so sops-nix can resolve the
41
+
# owner at activation time. The nixpkgs sharkey module creates this user
42
+
# during service activation, which is too late for sops secret ownership.
43
+
users.users.sharkey = {
44
+
isSystemUser = true;
45
+
group = "sharkey";
46
+
};
47
+
users.groups.sharkey = { };
48
+
40
49
sops.secrets."sharkey.env" = {
41
50
sopsFile = ../../secrets/sharkey.env;
42
51
format = "dotenv";