all: guard global sops stuff with needsDeploy

2024-05-31 08:35:21 -06:00 · 2024-05-31 08:35:21 -06:00 · 455586ec1c
commit 455586ec1c
parent 2d8c791d19
1 changed files with 9 additions and 8 deletions
--- a/default.nix
+++ b/default.nix
@ -66,14 +66,15 @@ in
    sops = {
      age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

-      secrets = {
-        xin_secrets_deploy_key = {
-          sopsFile = config.xin-secrets.deploy;
-          owner = "root";
-          group = "wheel";
-          mode = "400";
-        };
-      };
+      secrets =
+        if config.needsDeploy.enable then {
+          xin_secrets_deploy_key = {
+            sopsFile = config.xin-secrets.deploy;
+            owner = "root";
+            group = "wheel";
+            mode = "400";
+          };
+        } else { };
    };