From 12607ed5627f2969c53fbe8873590232ebc72a5d Mon Sep 17 00:00:00 2001 From: oluceps Date: Sun, 7 Apr 2024 04:18:45 +0800 Subject: [PATCH] feat: works with sysuser fix: darwin compatible chore: reformat Co-authored-by: Cole Helbling --- modules/age.nix | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/modules/age.nix b/modules/age.nix index 86c4447..2850425 100644 --- a/modules/age.nix +++ b/modules/age.nix @@ -14,6 +14,11 @@ with lib; let users = config.users.users; + sysusersEnabled = + if isDarwin + then false + else config.systemd.sysusers.enable or false; + mountCommand = if isDarwin then '' @@ -262,7 +267,28 @@ in { ]; } - (optionalAttrs (!isDarwin) { + (optionalAttrs sysusersEnabled { + # When using sysusers we no longer be started as an activation script + # because those are started in initrd while sysusers is started later. + systemd.services.agenix-install-secrets = { + wantedBy = ["sysinit.target"]; + after = ["systemd-sysusers.service"]; + unitConfig.DefaultDependencies = "no"; + + serviceConfig = { + Type = "oneshot"; + ExecStart = pkgs.writeShellScript "agenix-install" ( + builtins.concatStringsSep "\n" [ + newGeneration + installSecrets + chownSecrets + ] + ); + RemainAfterExit = true; + }; + }; + }) + (optionalAttrs (!isDarwin && !sysusersEnabled) { # Create a new directory full of secrets for symlinking (this helps # ensure removed secrets are actually removed, or at least become # invalid symlinks).
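Review bot: The new `systemd.services.agenix-install-secrets` unit in the second hunk is pulled in by `wantedBy = ["sysinit.target"]` but ordered only `after` `systemd-sysusers.service`; because `wantedBy` adds no ordering, nothing visible here stops units that read secrets from starting before decryption and `chownSecrets` have finished. Consider adding `before = ["sysinit.target"];`, or document that consumers must order themselves after `agenix-install-secrets.service`. The script joined with `builtins.concatStringsSep "\n"` has no visible `set -e`, so unless `installSecrets` (defined outside this hunk) propagates its own failure, a failed decryption followed by a successful `chownSecrets` would presumably leave the oneshot active with secrets missing; it is worth checking the exit-status handling of those snippets. The comment would read more clearly as `# With sysusers, secrets can no longer be installed from an activation script,` followed by the stated reason that activation runs before systemd-sysusers does. The `optionalAttrs (!isDarwin && !sysusersEnabled)` block that follows continues outside the hunk.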