From 0a56f60005fe682c3f6cab3acd9c728243aeb57b Mon Sep 17 00:00:00 2001
From: a-kenji <aks.kenji@protonmail.com>
Date: Fri, 27 Jun 2025 12:14:38 +0200
Subject: [PATCH] lib/test/sops: Fix secret deployment for test machines

Fix secret deployment for test machines in our NixOS vm and container
tests.

We filter now if we really need to deploy a certain set of files as a
deployment script, which alleviates us running into these edgecases:
```
error: The option `nodes.server.system.activationScripts.setupSecrets.text'
was accessed but has no value defined. Try setting the option.
```
---
 lib/test/sops.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/test/sops.nix b/lib/test/sops.nix
index 5890836e0..9b65604e7 100644
--- a/lib/test/sops.nix
+++ b/lib/test/sops.nix
@@ -6,15 +6,18 @@
   system.activationScripts =
     let
       # https://github.com/Mic92/sops-nix/blob/61154300d945f0b147b30d24ddcafa159148026a/modules/sops/default.nix#L27
-      hasRegularSecrets = lib.filterAttrs (_: v: v.neededForUsers) config.sops.secrets != { };
+      hasRegularSecrets = lib.filterAttrs (_: v: !v.neededForUsers) config.sops.secrets != { };
+      hasUserSecrets = lib.filterAttrs (_: v: v.neededForUsers) config.sops.secrets != { };
     in
     {
       age-key.text = ''
         echo AGE-SECRET-KEY-1PL0M9CWRCG3PZ9DXRTTLMCVD57U6JDFE8K7DNVQ35F4JENZ6G3MQ0RQLRV > /run/age-key.txt
       '';
     }
-    // lib.optionalAttrs (hasRegularSecrets) {
+    // lib.optionalAttrs hasRegularSecrets {
       setupSecrets.deps = [ "age-key" ];
+    }
+    // lib.optionalAttrs hasUserSecrets {
       setupSecretsForUsers.deps = [ "age-key" ];
     };
 }