Git now waits for /run/secrets/

2025-10-31 18:57:29 +01:00 · 2025-10-31 18:57:29 +01:00 · 72b8720bcc
commit 72b8720bcc
parent 608cff7116
3 changed files with 20 additions and 6 deletions
--- a/profiles/basic/default.nix
+++ b/profiles/basic/default.nix
@ -64,6 +64,7 @@
    wget
    git
    tree
+    file
    ripgrep
  ];

--- a/profiles/basic/git.nix
+++ b/profiles/basic/git.nix
@ -6,8 +6,6 @@
 }:
 {

-  home-manager.users.mysaa.programs.gpg.homedir = "/run/secrets/gpg/";
-
  home-manager.users.mysaa.programs.git = {
    enable = true;
    userEmail = "mysaa@hadoly.fr";
--- a/profiles/basic/secrets.nix
+++ b/profiles/basic/secrets.nix
@ -4,11 +4,26 @@
  pkgs,
  ...
 }:
-{
+let
+  gpg-wrapper = pkgs.writeShellScriptBin "gpg" ''
+    until ${pkgs.coreutils}/bin/timeout 1 [ -d /run/secrets/gpg/ ]
+    do
+      echo "Waiting for '/run/secrets/' to be mounted" >&2
+      sleep 1
+    done
+    if [ -z "$GNUPGHOME" ]
+    then export GNUPGHOME="/run/secrets/gpg/"
+    fi
+    ${pkgs.gnupg}/bin/gpg "$@"
+  '';
+in {
+
+  home-manager.users.mysaa.home.packages = [
+    gpg-wrapper
+  ];
+
+  home-manager.users.mysaa.programs.git.signing.signer = "${gpg-wrapper}/bin/gpg";

-  home-manager.users.mysaa.home.sessionVariables = {
-    GNUPGHOME = "/run/secrets/gpg/";
-  };
  fileSystems."/run/secrets" = {
    device = "/dev/disk/by-uuid/545bfd15-0973-4395-9d05-6c4c78a9e45c";
    fsType = "ext4";