From 455586ec1ce7b951db2c0ec20846b7ae1f63b283 Mon Sep 17 00:00:00 2001
From: Aaron Bieber <aaron@bolddaemon.com>
Date: Fri, 31 May 2024 08:35:21 -0600
Subject: [PATCH] all: guard global sops stuff with needsDeploy

---
 default.nix | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/default.nix b/default.nix
index 23e81ac..a724549 100644
--- a/default.nix
+++ b/default.nix
@@ -66,14 +66,15 @@ in
     sops = {
       age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 
-      secrets = {
-        xin_secrets_deploy_key = {
-          sopsFile = config.xin-secrets.deploy;
-          owner = "root";
-          group = "wheel";
-          mode = "400";
-        };
-      };
+      secrets =
+        if config.needsDeploy.enable then {
+          xin_secrets_deploy_key = {
+            sopsFile = config.xin-secrets.deploy;
+            owner = "root";
+            group = "wheel";
+            mode = "400";
+          };
+        } else { };
     };