fix: dont redecrypt secrets every time

2024-04-12 12:19:47 +02:00 · 2024-04-12 12:19:47 +02:00 · 3c7b5ac006
parent 39a50168c9
commit 3c7b5ac006
2 changed files with 5 additions and 1 deletions
--- a/config/basic/impermanence.nix
+++ b/config/basic/impermanence.nix
@ -31,6 +31,10 @@ in {
      "/var/log"
      "/var/lib/systemd"
      "/var/lib/nixos"
+      {
+        directory = "/var/tmp/nix-import-encrypted/";
+        mode = "0777";
+      }
      {
        directory = "/var/tmp/agenix-rekey";
        mode = "0777";
--- a/nix/rage-decrypt-and-cache.sh
+++ b/nix/rage-decrypt-and-cache.sh
@ -23,7 +23,7 @@ new_name="$(sha512sum "$file")"
 new_name="${new_name:0:32}-${basename//"/"/"%"}"

 # Derive the path where the decrypted file will be stored
-out="/tmp/nix-import-encrypted/$new_name"
+out="/var/tmp/nix-import-encrypted/$new_name"
 mkdir -p "$(dirname "$out")"

 # Decrypt only if necessary