diff --git a/lib/modules/custom-build-vm.nix b/lib/modules/custom-build-vm.nix index e6de82d..00936a2 100644 --- a/lib/modules/custom-build-vm.nix +++ b/lib/modules/custom-build-vm.nix @@ -78,17 +78,10 @@ in { virtualisation = let extendVMConfig = - vmVariant: overrideSops: { + vmVariant: { # Prevent GRUB2 errors in `nixos-rebuild build-vm-with-bootloader` boot.loader.efi.efiSysMountPoint = lib.mkVMOverride "/boot"; - # Override passwords backed by `sops-nix` as `nixos-rebuild build-vm-with-bootloader` - # does not seem to play along well with `sops-nix` - users.sopsPasswordOverride = lib.mkIf overrideSops { - enable = true; - password = "admin"; - }; - virtualisation = { # Enable root permissions to get access to the `/etc/ssh` directory runAsRoot = lib.mkIf vmVariant.virtualisation.sharedHostKeys true; diff --git a/lib/modules/custom-sops-nix.nix b/lib/modules/custom-sops-nix.nix index e883166..2f7ce09 100644 --- a/lib/modules/custom-sops-nix.nix +++ b/lib/modules/custom-sops-nix.nix @@ -32,7 +32,14 @@ virtualisation = let extendVMConfig = - vmVariant: { + vmVariant: overrideSops: { + # Override passwords backed by `sops-nix` as `nixos-rebuild build-vm-with-bootloader` + # does not seem to play along well with `sops-nix` + users.sopsPasswordOverride = lib.mkIf overrideSops { + enable = lib.mkDefault true; + password = lib.mkDefault "admin"; + }; + users.users = with { inherit (vmVariant.users) sopsPasswordOverride; }; (lib.mkIf @@ -67,8 +74,8 @@ vmVariantWithBootLoader ; in { - vmVariant = extendVMConfig vmVariant; - vmVariantWithBootLoader = extendVMConfig vmVariantWithBootLoader; + vmVariant = extendVMConfig vmVariant false; + vmVariantWithBootLoader = extendVMConfig vmVariantWithBootLoader true; }; }; } \ No newline at end of file