use systemd tmpfiles instead of sops as sops unloads files when the user logs out

common/users/docker/obsidian/default.nix

@@ -9,39 +9,18 @@
         source = ./docker-compose.yaml;
         target = "./src/obsidian/docker-compose.yaml";
       };
-      # Docker is stupid and wont read a symlinked Dockerfile
-      # couchdb_dockerfile = {
-      #   source = ./Dockerfile;
-      #   target = "./src/obsidian/Dockerfile";
-      # };
-      # not only will it not load a symlinked dockerfile, it refuses to copy any symlinked file
-      # couchdb_vm-args = {
-      #   source = ./vm.args;
-      #   target = "./src/obsidian/vm.args";
-      # };
-      # couchdb_docker-default = {
-      #   source = ./10-docker-default.ini;
-      #   target = "./src/obsidian/10-docker-default.ini";
-      # };
-      # couchdb_docker-entrypoint-sh = {
-      #   source = ./docker-entrypoint.sh;
-      #   target = "./src/obsidian/docker-entrypoint.sh";
-      # };
     };
   };
   systemd = {
     user = {
       tmpfiles = {
         rules = [
-          "C /home/${config.home.username}/src/obsidian/Dockerfile 0444 - - - ${./Dockerfile}"
+          "C /home/${config.home.username}/src/obsidian/Dockerfile 0444 - - 0 ${./Dockerfile}"
-          "C /home/${config.home.username}/src/obsidian/docker-entrypoint.sh 0555 - - - ${./docker-entrypoint.sh}"
+          "C /home/${config.home.username}/src/obsidian/docker-entrypoint.sh 0555 - - 0 ${./docker-entrypoint.sh}"
-          "C /home/${config.home.username}/src/obsidian/10-docker-default.ini 0444 - - - ${./10-docker-default.ini}"
+          "C /home/${config.home.username}/src/obsidian/10-docker-default.ini 0444 - - 0 ${./10-docker-default.ini}"
-          "C /home/${config.home.username}/src/obsidian/vm.args 0444 - - - ${./vm.args}"
+          "C /home/${config.home.username}/src/obsidian/vm.args 0444 - - 0 ${./vm.args}"
-          # root is needed to +i
+          "C /home/${config.home.username}/src/obsidian/docker.ini 0444 - - 0 ${config.sops.secrets.couchdb_docker-ini.path}"
-          # "h /home/${config.home.username}/src/obsidian/Dockerfile - - - - i"
+          "C /home/${config.home.username}/src/obsidian/couchdb.env 0444 - - 0 ${config.sops.secrets.couchdb_env.path}"
-          # "h /home/${config.home.username}/src/obsidian/docker-entrypoint.sh - - - - i"
-          # "h /home/${config.home.username}/src/obsidian/10-docker-default.ini - - - - i"
-          # "h /home/${config.home.username}/src/obsidian/vm.args - - - - i"
         ];
       };
     };
@@ -51,13 +30,11 @@
       couchdb_env = {
         format = "dotenv";
         sopsFile = ./couchdb.env;
-        path = "/home/${config.home.username}/src/obsidian/couchdb.env";
       };
       # encrypted because it has a hashed password
       couchdb_docker-ini = {
         format = "ini";
         sopsFile = ./docker.ini;
-        path = "/home/${config.home.username}/src/obsidian/docker.ini";
       };
     };
   };

common/users/docker/vw/default.nix

@@ -11,22 +11,28 @@
       };
     };
   };
+  systemd = {
+    tmpfiles = {
+      rules = [
+        "C /home/${config.home.username}/src/vw/rclone-config/rclone/rclone.conf 0444 - - 0 ${config.sops.secrets.rclone_config_file.path}"
+        "C /home/${config.home.username}/src/vw/vw.env 0444 - - 0 ${config.sops.secrets.vw.path}"
+        "C /home/${config.home.username}/src/vw/backup.env 0444 - - 0 ${config.sops.secrets.vw_backup.path}"
+      ];
+    };
+  };
   sops = {
     secrets = {
       vw = {
         format = "dotenv";
         sopsFile = ./vw.env;
-        path = "/home/${config.home.username}/src/vw/vw.env";
       };
       rclone_config_file = {
         format = "binary";
         sopsFile = ./rclone.conf;
-        path = "/home/${config.home.username}/src/vw/rclone-config/rclone/rclone.conf";
       };
       vw_backup = {
         format = "dotenv";
         sopsFile = ./backup.env;
-        path = "/home/${config.home.username}/src/vw/backup.env";
       };
     };
   };