From 13e8dba41781d42d4c43fa4654f2b070a4b059b6 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Thu, 5 Oct 2023 16:24:33 +0200
Subject: [PATCH] password-store: generate each secret in tmpdir
---
 nixosModules/clanCore/secrets/password-store.nix | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/nixosModules/clanCore/secrets/password-store.nix b/nixosModules/clanCore/secrets/password-store.nix
index 7f448cebd..998450f9a 100644
--- a/nixosModules/clanCore/secrets/password-store.nix
+++ b/nixosModules/clanCore/secrets/password-store.nix
@@ -30,6 +30,10 @@ in
 # if any of the secrets are missing, we regenerate all connected facts/secrets
 (if ! (${lib.concatMapStringsSep " && " (x: "test -e ${passwordstoreDir}/machines/${config.clanCore.machineName}/${x.name}.gpg >/dev/null") (lib.attrValues v.secrets)}); then
 
+ tmpdir=$(mktemp -d)
+ trap "rm -rf $tmpdir" EXIT
+ cd $tmpdir
+
 facts=$(mktemp -d)
 trap "rm -rf $facts" EXIT
 secrets=$(mktemp -d)
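Review bot: The added `trap "rm -rf $tmpdir" EXIT` never runs, because the context line two below it installs another EXIT handler (`trap "rm -rf $facts" EXIT`) and the shell keeps only one handler per signal, so the last `trap … EXIT` wins. Whatever the generator writes into its working directory, which in this module is likely secret material, is therefore left behind in the temp dir. Setting a single handler after all the `mktemp -d` calls, e.g. `trap 'rm -rf -- "$tmpdir" "$facts" "$secrets"' EXIT`, would cover every directory; the rest of the block, including any trap for `$secrets`, lies outside the hunk. `cd $tmpdir` is also unquoted and unchecked: if `mktemp` fails and errexit is not active (not visible here), `cd` with an empty argument lands in `$HOME` and generation runs there, which `cd "$tmpdir" || exit 1` would prevent.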