X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fsecrets.nix;h=a149f02ca9baeb873b26d6732102b5944caf8c4d;hb=2edbb2d889bd9d1787bc1745a75c1b6969d148ab;hp=a2424e920fd78eb62021fb70bfb4db8bedb53e73;hpb=717ccfd957e686d773480df817387aebbe79aa48;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/secrets.nix b/modules/secrets.nix
index a2424e9..a149f02 100644
--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -61,14 +61,13 @@
 fi
 '';
 };
- deployment.keys."secrets.tar" = {
+ system.extraDependencies = [ secrets ];
+ deployment.secrets."secrets.tar" = {
+ source = "${secrets}";
+ destination = "/run/keys/secrets.tar";
+ owner.user = "root";
+ owner.group = "root";
 permissions = "0400";
- # keyFile below is not evaluated at build time by nixops, so the
- # `secrets` path doesn’t necessarily exist when uploading the
- # keys, and nixops is unhappy.
- user = "root${builtins.substring 10000 1 secrets}";
- group = "root";
- keyFile = "${secrets}";
 };
 };
 }
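Review bot: The added `system.extraDependencies = [ secrets ];` puts the `secrets` store path into the deployed system closure, so the archive is presumably also copied into `/nix/store` on the target, where every local user can read it; `permissions = "0400"` protects only the copy at `/run/keys/secrets.tar`. `secrets` is defined outside this hunk, so whether the archive is already encrypted at that point cannot be confirmed from here. If it holds plaintext and the line exists only to force the path to be built before upload, consider dropping it and keeping `source = "${secrets}";` alone. Otherwise record the assumption above the line, e.g. `# secrets is a world-readable store path: its contents must already be encrypted`. The enclosing attribute set starts before the hunk.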