systemd-creds: reencrypt when .gpg newer than .cred
authorJulien Moutinho <julm+julm-nix@sourcephile.fr>
Fri, 24 Feb 2023 11:26:13 +0000 (12:26 +0100)
committerJulien Moutinho <julm+julm-nix@sourcephile.fr>
Fri, 5 May 2023 12:23:14 +0000 (14:23 +0200)
nixos/modules/security/systemd-creds.nix

index 6895f0d35274c79a8eac7ad9cac0a0121dcfd9d7..d1d0d50163f5c9ec84efccb27ad07cc28f7056a6 100644 (file)
@@ -133,7 +133,8 @@ let cfg = config.security.systemd-creds; in
               credPath=${escapeShellArg credPath}
               credBase=''${credPath#${builtins.storeDir}/*/}
               if test "''${SYSTEMD_CREDS_FORCE_REENCRYPT:+set}" \
-                      -o ! -s "$credBase"; then
+                      -o ! -s "$credBase" \
+                      -o -e "''${credBase%.cred}.gpg" -a "$credBase" -ot "''${credBase%.cred}.gpg"; then
                 { ${cfg.decrypt}; } |
                 { ${cfg.shell} -- ${cfg.encrypt} - -; } |
                 { ${cfg.install}; }
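Review bot: The new condition on the two added lines joins `-o` and `-a` inside a single `test` invocation with more than four arguments, which POSIX leaves unspecified and which relies on `-a` binding tighter than `-o` to get the intended grouping; I would split it into separate `test` calls so the precedence is explicit: `if test "''${SYSTEMD_CREDS_FORCE_REENCRYPT:+set}" || test ! -s "$credBase" || { test -e "''${credBase%.cred}.gpg" && test "$credBase" -ot "''${credBase%.cred}.gpg"; }; then`. Note also that `-ot` is not a POSIX `test` primary, so this silently depends on the interpreter (bash/dash both accept it) — worth a comment such as `# -ot (not POSIX): re-encrypt when the .gpg plaintext is newer than the .cred` so a later reviewer does not assume it is portable. Since `credBase` is a relative path, the `.gpg` lookup presumably resolves against the current working directory rather than the store; that should be confirmed against where this script is run. The enclosing script body continues outside the hunk.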