With the following service:
systemd.services = lib.mapAttrs' (
User: info:
lib.nameValuePair "${User}-default-passage-identities-file" (
lib.mkIf config.home-manager.users.${User}.passage.enable {
description = "create passage identities and recipients files for ${User}";
wantedBy = [ "multi-user.target" ];
requiredBy = [ "sops-install-secrets.service" ];
before = [
"sops-install-secrets.service"
"home-manager-${User}.service"
];
path = with pkgs; [
age-keygen-deterministic
expect
];
script =
let
identities = config.home-manager.users.${User}.home.sessionVariables.PASSAGE_IDENTITIES_FILE;
in
''
if [[ ! -s "${identities}" ]]; then
cp "${rootPath}/common/users/local/dirs/${User}/.passage/identities" "${identities}"
passphrase=$(systemd-ask-password "Enter passphrase:")
systemd-tty-ask-password-agent
echo "$passphrase"
expect -c "log_user 0; spawn age-keygen-deterministic; expect -re \"Enter passphrase:\"; log_user 1; send \"''${passphrase}\n\"; expect eof" | tee /root/.age/akd >> "${identities}"
chown ${User}:${info.group} ${identities}
fi
'';
serviceConfig.Type = "oneshot";
}
)
) config.users.loginUsers;
I expected the service to ask me for a password during systemd-ask-password and / or systemd-tty-ask-password-agent. It is either hanging or somehow being skipped instead. Is there anything else I need to do here?