From 130ca378dc514506e23e97fb94dc006bef31c6d4 Mon Sep 17 00:00:00 2001
From: lassulus <git@lassul.us>
Date: Thu, 5 Oct 2023 16:24:33 +0200
Subject: [PATCH 1/3] password-store: generate each secret in tmpdir

---
 nixosModules/clanCore/secrets/password-store.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/nixosModules/clanCore/secrets/password-store.nix b/nixosModules/clanCore/secrets/password-store.nix
index 7f448cebd..998450f9a 100644
--- a/nixosModules/clanCore/secrets/password-store.nix
+++ b/nixosModules/clanCore/secrets/password-store.nix
@@ -30,6 +30,10 @@ in
         # if any of the secrets are missing, we regenerate all connected facts/secrets
         (if ! (${lib.concatMapStringsSep " && " (x: "test -e ${passwordstoreDir}/machines/${config.clanCore.machineName}/${x.name}.gpg >/dev/null") (lib.attrValues v.secrets)}); then
 
+          tmpdir=$(mktemp -d)
+          trap "rm -rf $tmpdir" EXIT
+          cd $tmpdir
+
           facts=$(mktemp -d)
           trap "rm -rf $facts" EXIT
           secrets=$(mktemp -d)

From 97c1e3fb472239c0e4210f36bd2f6d914a94c83d Mon Sep 17 00:00:00 2001
From: lassulus <git@lassul.us>
Date: Thu, 5 Oct 2023 17:09:54 +0200
Subject: [PATCH 2/3] zerotier generate-network: terminate fakeroot for process
 cleanup

---
 nixosModules/clanCore/zerotier/generate-network.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixosModules/clanCore/zerotier/generate-network.py b/nixosModules/clanCore/zerotier/generate-network.py
index 60626a018..1269cd986 100644
--- a/nixosModules/clanCore/zerotier/generate-network.py
+++ b/nixosModules/clanCore/zerotier/generate-network.py
@@ -114,7 +114,7 @@ def zerotier_controller() -> Iterator[ZerotierController]:
 
                 yield ZerotierController(controller_port, home)
             finally:
-                p.kill()
+                p.terminate()
                 p.wait()
 
 

From 599209b7f644474daef80f7791073e07049b93bc Mon Sep 17 00:00:00 2001
From: lassulus <git@lassul.us>
Date: Thu, 5 Oct 2023 20:22:24 +0200
Subject: [PATCH 3/3] secrets.password-store: mkdir correct fact folder

---
 nixosModules/clanCore/secrets/password-store.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixosModules/clanCore/secrets/password-store.nix b/nixosModules/clanCore/secrets/password-store.nix
index 998450f9a..d21eed500 100644
--- a/nixosModules/clanCore/secrets/password-store.nix
+++ b/nixosModules/clanCore/secrets/password-store.nix
@@ -41,7 +41,7 @@ in
           ( ${v.generator} )
 
           ${lib.concatMapStrings (fact: ''
-            mkdir -p "$(dirname ${fact.path})"
+            mkdir -p "$CLAN_DIR"/"$(dirname ${fact.path})"
             cp "$facts"/${fact.name} "$CLAN_DIR"/${fact.path}
           '') (lib.attrValues v.facts)}