root-password: fix password-store support

2024-07-21 17:57:13 +02:00 · 2024-07-21 17:57:13 +02:00 · e79e199c9a
commit e79e199c9a
parent d356a63d6c
1 changed files with 11 additions and 2 deletions
--- a/clanModules/root-password/default.nix
+++ b/clanModules/root-password/default.nix
@ -1,9 +1,18 @@
-{ pkgs, config, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 {
  users.mutableUsers = false;
  users.users.root.hashedPasswordFile =
    config.clan.core.facts.services.root-password.secret.password-hash.path;
-  sops.secrets."${config.clan.core.machineName}-password-hash".neededForUsers = true;
+
+  sops.secrets."${config.clan.core.machineName}-password-hash".neededForUsers = lib.mkIf (
+    config.clan.core.facts.secretStore == "sops"
+  ) true;
+
  clan.core.facts.services.root-password = {
    secret.password = { };
    secret.password-hash = { };