Diffstat (limited to 'labsrv01/home.nix')
-rw-r--r--labsrv01/home.nix31
1 files changed, 19 insertions, 12 deletions
diff --git a/labsrv01/home.nix b/labsrv01/home.nix
index b016b9e..c5b5989 100644
--- a/labsrv01/home.nix
+++ b/labsrv01/home.nix
@@ -81,16 +81,23 @@
services.gpg-agent = {
enable = true;
};
- home.activation.importGpgPrivateKey = config.lib.dag.entryAfter ["sops-nix" "onFilesChange"] ''
- export GNUPGHOME="${config.programs.gpg.homedir}"
- run ${pkgs.gnupg}/bin/gpg --batch --verbose --trust-model always --import "${config.sops.secrets.kj_gpg_private_key.path}"
- echo "GPG private key imported from sops secret"
- '';
- home.activation.setSSHPublicKey = config.lib.dag.entryAfter ["sops-nix" "onFilesChange"] ''
- writeSSHKeygenPublicPart() {
- ${pkgs.openssh}/bin/ssh-keygen -y -f ~/.ssh/id_ed25519 | tee ~/.ssh/id_ed25519.pub
- }
- echo "Setting SSH public key from private part"
- run writeSSHKeygenPublicPart
- '';
+ systemd.user.services.manage-secrets = {
+ Unit = {
+ Description = "Import GPG and SSH keys from sops secrets";
+ After = [ "sops-nix.service" ];
+ Requires = [ "sops-nix.service" ];
+ };
+ Service = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStart = toString (pkgs.writeShellScript "manage-secrets" ''
+ export GNUPGHOME="${config.programs.gpg.homedir}"
+ ${pkgs.gnupg}/bin/gpg --batch --verbose --trust-model always --import "${config.sops.secrets.kj_gpg_private_key.path}"
+ ${pkgs.openssh}/bin/ssh-keygen -y -f "${config.home.homeDirectory}/.ssh/id_ed25519" > "${config.home.homeDirectory}/.ssh/id_ed25519.pub"
+ '');
+ };
+ Install = {
+ WantedBy = [ "default.target" ];
+ };
+ };
}
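Review bot: The script passed to ExecStart has no error handling, so a failed gpg import on the second script line is masked by the ssh-keygen call that follows it, and `pkgs.writeShellScript` does not enable `set -e` on its own; add `set -euo pipefail` as the script's first line so the oneshot unit actually fails and the journal shows which step broke. The redirection on the ssh-keygen line also truncates `id_ed25519.pub` before ssh-keygen runs, leaving an empty public-key file when the private key is not present yet (e.g. if sops-nix has not placed it); writing to a temporary file and renaming on success avoids that: `${pkgs.openssh}/bin/ssh-keygen -y -f "${config.home.homeDirectory}/.ssh/id_ed25519" > "${config.home.homeDirectory}/.ssh/id_ed25519.pub.tmp" && mv "${config.home.homeDirectory}/.ssh/id_ed25519.pub.tmp" "${config.home.homeDirectory}/.ssh/id_ed25519.pub"`. With `RemainAfterExit = true` the unit stays active after its first run, so a rotated secret presumably needs an explicit restart of manage-secrets before it is re-imported; a one-line comment above the unit stating that would help the next maintainer. The enclosing module attribute set begins outside the hunk.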