diff --git a/lib/modules/custom-sops-nix.nix b/lib/modules/custom-sops-nix.nix index 80faa36..cf33f47 100644 --- a/lib/modules/custom-sops-nix.nix +++ b/lib/modules/custom-sops-nix.nix @@ -26,32 +26,46 @@ }; config = { - users.users = - with { inherit (config.virtualisation.vmVariantWithBootLoader.users) sopsPasswordOverride; }; - (lib.mkIf - sopsPasswordOverride.enable - ( - builtins.listToAttrs ( - builtins.map ( - name: { - inherit name; + virtualisation = + let + extendVMConfig = + vmVariant: { + users.users = + with { inherit (vmVariant.users) sopsPasswordOverride; }; + (lib.mkIf + sopsPasswordOverride.enable + ( + builtins.listToAttrs ( + builtins.map ( + name: { + inherit name; - value = { - hashedPasswordFile = lib.mkVMOverride null; - hashedPassword = sopsPasswordOverride.hashedPassword; - password = sopsPasswordOverride.password; - }; - }) - (builtins.filter - ( - name: - let - user = config.users.users.${name}; - in - ( - (user.hashedPasswordFile != null) && - (lib.strings.hasPrefix "/run/secrets-for-users/" user.hashedPasswordFile) - )) - (builtins.attrNames config.users.users))))); + value = { + hashedPasswordFile = lib.mkVMOverride null; + hashedPassword = sopsPasswordOverride.hashedPassword; + password = sopsPasswordOverride.password; + }; + }) + (builtins.filter + ( + name: + let + user = config.users.users.${name}; + in + ( + (user.hashedPasswordFile != null) && + (lib.strings.hasPrefix "/run/secrets-for-users/" user.hashedPasswordFile) + )) + (builtins.attrNames config.users.users))))); + }; + + inherit (config.virtualisation) + vmVariant + vmVariantWithBootLoader + ; + in { + vmVariant = extendVMConfig vmVariant; + vmVariantWithBootLoader = extendVMConfig vmVariantWithBootLoader; + }; }; } \ No newline at end of file