From bae4f4ddef4de82382c738a677fb9c25fe938135 Mon Sep 17 00:00:00 2001
From: niten
Date: Tue, 6 Jun 2023 14:34:58 -0700
Subject: [PATCH] Fuckin ensure the dir exists for secrets
---
 lib/fudo/secrets.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/lib/fudo/secrets.nix b/lib/fudo/secrets.nix
index 4837d8c..788d01f 100644
--- a/lib/fudo/secrets.nix
+++ b/lib/fudo/secrets.nix
@@ -44,6 +44,16 @@ let
 serviceConfig = {
 Type = "simple";
 RemainAfterExit = true;
+ ExecStartPre =
+ pkgs.writeShellScript "fudo-secret-prep-${secret-name}.sh" ''
+ if [ ! -d ${dirOf target-file} ]; then
+ mkdir -p ${dirOf target-file}
+ chown ${user}:${group} ${dirOf target-file}
+ chmod ${if (group == null) then "0550" else "0500"} ${
+ dirOf target-file
+ }
+ fi
+ '';
 ExecStart = let
 host-master-key = config.fudo.hosts.${target-host}.master-key;
 in decrypt-script {
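Review bot: The mode selection in the added `chmod` looks inverted: with `group == null` the secrets directory gets `0550` (group-readable), while a supplied group gets `0500`, which locks that group out. In the same script `chown ${user}:${group}` interpolates `group` unconditionally, and Nix cannot coerce `null` to a string, so the null case would fail at evaluation before the `chmod` branch matters. I would write `chmod ${if group == null then "0500" else "0550"} "${dirOf target-file}"` and build the owner as `${user}${if group == null then "" else ":${group}"}`, quoting the path so it survives spaces. Because everything sits inside `if [ ! -d … ]`, a directory that already exists with looser ownership or permissions is left untouched, and `mkdir -p` leaves it at the default mode until the `chmod` runs. The definitions of `user` and `group` and the rest of `serviceConfig` are outside the hunk, so confirm whether `null` is actually a possible value.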