Fuckin ensure the dir exists for secrets

2023-06-06 14:34:58 -07:00 · 2023-06-06 14:34:58 -07:00 · bae4f4ddef
parent 179dda3ec6
commit bae4f4ddef
1 changed files with 10 additions and 0 deletions
--- a/lib/fudo/secrets.nix
+++ b/lib/fudo/secrets.nix
@ -44,6 +44,16 @@ let
      serviceConfig = {
        Type = "simple";
        RemainAfterExit = true;
+        ExecStartPre =
+          pkgs.writeShellScript "fudo-secret-prep-${secret-name}.sh" ''
+            if [ ! -d ${dirOf target-file} ]; then
+              mkdir -p ${dirOf target-file}
+              chown ${user}:${group} ${dirOf target-file}
+              chmod ${if (group == null) then "0550" else "0500"} ${
+                dirOf target-file
+              }
+            fi
+          '';
        ExecStart =
          let host-master-key = config.fudo.hosts.${target-host}.master-key;
          in decrypt-script {