config/users/pbsds/home/profiles/sops.nix


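{ pkgs, config, ... }:
# Home-manager sops-nix profile for user pbsds.
#
# Secrets are decrypted with a per-user age key kept in the home directory.
# At login a user service concatenates that key with a second, decrypted age
# identity into a combined identity file under $XDG_RUNTIME_DIR (typically a
# per-user tmpfs), and SOPS_AGE_KEY_FILE is pointed at that combined file so
# sops can use either identity.
{
  # Create the user's age key on first activation if it does not exist yet.
  sops.age.generateKey = true;
  sops.age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
  sops.defaultSopsFile = ../../../../secrets/user-pbsds.yaml;

  # Second age identity, decrypted by sops-nix into the runtime directory.
  # "%r" is sops-nix's placeholder for the runtime directory; the combine-keys
  # script below reads the same file under $XDG_RUNTIME_DIR.
  sops.secrets."age/pvv-infra".path = "%r/sops/age/pvv-infra.txt";

  home.sessionVariables = {
    # Use the combined identity file written by combine-keys rather than the
    # persistent key alone.
    #SOPS_AGE_KEY_FILE = config.sops.age.keyFile;
    SOPS_AGE_KEY_FILE = "$XDG_RUNTIME_DIR/sops/age/keys.txt";
  };

  # Writes $XDG_RUNTIME_DIR/sops/age/keys.txt = persistent key + pvv-infra
  # identity.  Ordered after sops-nix.service so the decrypted identity is
  # already in place; if that file is missing or empty, the persistent key is
  # still written on its own (the second identity is best-effort).
  systemd.user.services.combine-keys = {
    Install.WantedBy = config.systemd.user.services.sops-nix.Install.WantedBy;
    Unit.After = [ "sops-nix.service" ];
    Service = {
      Type = "oneshot";
      ExecStart = pkgs.writeShellScript "mk-sops-age-key" ''
        set -euo pipefail
        test -n "$XDG_RUNTIME_DIR"
        test -d "$XDG_RUNTIME_DIR"
        test -f "${config.sops.age.keyFile}"
        # Build the combined identity in a pipe and let install(1) create the
        # destination file (and its parent directories) with mode 0600 in one
        # step.  The destination must be given as a plain file argument:
        # passing it via `-t` would make keys.txt a directory and install the
        # pipe under a numeric file name inside it.
        install -Dm600 <(
          cat "${config.sops.age.keyFile}"
          # Same path that sops.secrets."age/pvv-infra".path resolves to; only
          # append it when it is present and non-empty.
          if test -s "$XDG_RUNTIME_DIR/sops/age/pvv-infra.txt"; then
            cat "$XDG_RUNTIME_DIR/sops/age/pvv-infra.txt"
          fi
        ) "$XDG_RUNTIME_DIR/sops/age/keys.txt"
      '';
    };
  };
}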