From dbad2791c2256a0f1083614cbf22ae617d54900c Mon Sep 17 00:00:00 2001
From: jobs62
Date: Thu, 28 Nov 2024 16:38:51 +0100
Subject: [PATCH 1/3] try fixing templates on home-manager

Update pkgs/sops-install-secrets/main.go
---
 modules/home-manager/sops.nix | 1 +
 modules/home-manager/templates.nix | 8 +++++---
 pkgs/sops-install-secrets/main.go | 6 +++++-
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/modules/home-manager/sops.nix b/modules/home-manager/sops.nix
index 68ca8422..575c5fc4 100644
--- a/modules/home-manager/sops.nix
+++ b/modules/home-manager/sops.nix
@@ -99,6 +99,7 @@ let
 sshKeyPaths = cfg.gnupg.sshKeyPaths;
 ageKeyFile = cfg.age.keyFile;
 ageSshKeyPaths = cfg.age.sshKeyPaths;
+ placeholderBySecretName = cfg.placeholder;
 userMode = true;
 logging = {
 keyImport = builtins.elem "keyImport" cfg.log;
diff --git a/modules/home-manager/templates.nix b/modules/home-manager/templates.nix
index c64802a1..460f2742 100644
--- a/modules/home-manager/templates.nix
+++ b/modules/home-manager/templates.nix
@@ -12,6 +12,8 @@ let
 mapAttrs
 types
 ;
+
+ hmConfig = config;
 in
 {
 options.sops = {
@@ -33,7 +35,7 @@ in
 description = "Path where the rendered file will be placed";
 type = types.singleLineStr;
 # Keep this in sync with `RenderedSubdir` in `pkgs/sops-install-secrets/main.go`
- default = "${config.xdg.configHome}/sops-nix/secrets/rendered/${config.name}";
+ default = "${hmConfig.xdg.configHome}/sops-nix/secrets/rendered/${config.name}";
 };
 content = mkOption {
 type = types.lines;
@@ -97,10 +99,10 @@ in
 };
 
 config = lib.optionalAttrs (options ? sops.secrets) (
- lib.mkIf (config.sops.templates != { }) {
+ lib.mkIf (hmConfig.sops.templates != { }) {
 sops.placeholder = mapAttrs (
 name: _: mkDefault ""
- ) config.sops.secrets;
+ ) hmConfig.sops.secrets;
 }
 );
 }
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index 280df4c9..562dd248 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
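Review bot: The new `placeholderBySecretName = cfg.placeholder;` manifest entry is what `PlaceholderBySecretName` in `pkgs/sops-install-secrets/main.go` reads, and the Go hunk in this same patch now refuses the manifest when a secret has no entry, yet nothing on the Nix side records that coupling. The module already uses a `# Keep this in sync with ... pkgs/sops-install-secrets/main.go` comment in templates.nix for the rendered directory; the same convention fits here: `# Read as PlaceholderBySecretName by pkgs/sops-install-secrets/main.go; once templates exist every secret must have an entry.` The `let` binding this line belongs to starts before the hunk.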
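Review bot: `hmConfig = config;` is added without a comment, and the next hunk's default path then mixes `hmConfig.xdg.configHome` with `config.name` on one line, which only reads sensibly once one knows that `config` inside the template submodule appears to be rebound to the submodule's own config (the retained `config.name` suggests this; confirm against the submodule definition, which is outside the diff). Suggest annotating the binding: `# The template submodule below shadows \`config\`; keep a handle on the home-manager config here.` The `let` block that holds this binding starts before the hunk.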
@@ -698,7 +698,11 @@ func (app *appContext) validateManifest() error {
 // The Nix module only defines placeholders for secrets if there are
 // templates.
 if len(m.Templates) > 0 {
- placeholder := m.PlaceholderBySecretName[secret.Name]
+ placeholder, present := m.PlaceholderBySecretName[secret.Name]
+ if !present {
+ return fmt.Errorf("placeholder for %s not found in manifest", secret.Name)
+ }
+
 app.secretByPlaceholder[placeholder] = secret
 }
 }

From fefa19b6a3cbac872859606b2c8846781d782d77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Mon, 2 Dec 2024 09:22:56 +0100
Subject: [PATCH 2/3] {darwin,home-manager}: add example template

---
 checks/darwin.nix | 8 +++++++-
 checks/home-manager.nix | 7 +++++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/checks/darwin.nix b/checks/darwin.nix
index 8b74e334..fe67b43b 100644
--- a/checks/darwin.nix
+++ b/checks/darwin.nix
@@ -1,10 +1,16 @@
-
+{
+ config,
+ ...
+}:
 {
 imports = [
 ../modules/nix-darwin/default.nix
 ];
 documentation.enable = false;
 sops.secrets.test_key = { };
+ sops.templates."template.toml".content = ''
+ password = "${config.sops.placeholder.test_key}";
+ '';
 sops.defaultSopsFile = ../pkgs/sops-install-secrets/test-assets/secrets.yaml;
 sops.age.generateKey = true;
 system.stateVersion = 5;
diff --git a/checks/home-manager.nix b/checks/home-manager.nix
index d1e63552..3c32fd69 100644
--- a/checks/home-manager.nix
+++ b/checks/home-manager.nix
@@ -1,5 +1,5 @@
-
-{ config, ... }: {
+{ config, ... }:
+{
 imports = [
 ../modules/home-manager/sops.nix
 ];
@@ -11,5 +11,8 @@
 sops.age.generateKey = true;
 sops.age.keyFile = "${config.home.homeDirectory}/.age-key.txt";
 sops.secrets.test_key = { };
+ sops.templates."template.toml".content = ''
+ password = "${config.sops.placeholder.test_key}";
+ '';
 sops.defaultSopsFile = ../pkgs/sops-install-secrets/test-assets/secrets.yaml;
 }

From 22294a4a08760d67869b5afb755bbe9e9dfd6f06 Mon Sep 17 00:00:00 2001
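Review bot: The added presence check still accepts an empty placeholder, and the assignment `app.secretByPlaceholder[placeholder] = secret` a few lines below silently overwrites whatever secret earlier registered the same placeholder, so neither a blank nor a duplicate placeholder is rejected here. The home-manager template module in this same patch seeds `sops.placeholder` with `mkDefault ""` for every secret, so an empty string can plausibly reach `PlaceholderBySecretName` whenever the real placeholder definition is missing — confirm against the placeholder option, which is outside this diff. Rejecting `placeholder == ""` and a repeated map key keeps `validateManifest` from building a lookup table in which template rendering would substitute the wrong secret or nothing at all, and `%q` instead of `%s` makes an empty or whitespace-only name visible in the error. `validateManifest`, the loop that binds `secret`, and `m` all start before this hunk; the duplicate message below assumes the map's value type has the same `Name` field as `secret`.
```go
if len(m.Templates) > 0 {
	placeholder, present := m.PlaceholderBySecretName[secret.Name]
	if !present || placeholder == "" {
		return fmt.Errorf("placeholder for secret %q is missing or empty in manifest", secret.Name)
	}
	// Two secrets sharing one placeholder would make the last one win silently.
	if prev, dup := app.secretByPlaceholder[placeholder]; dup {
		return fmt.Errorf("placeholder %q is assigned to both secret %q and secret %q", placeholder, prev.Name, secret.Name)
	}
	app.secretByPlaceholder[placeholder] = secret
}
```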
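Review bot: The example template body `password = "${config.sops.placeholder.test_key}";` is not valid TOML — a TOML key/value line takes no trailing semicolon — so the rendered `template.toml` would be rejected by any TOML consumer, which undercuts the file as the "example template" the subject line promises; drop the `;` and write `password = "${config.sops.placeholder.test_key}"`. The same line is added in the second `checks/home-manager.nix` hunk. If the check is only meant to exercise placeholder substitution rather than produce a usable file, a one-line comment saying so above the template would stop the snippet being copied as a working example.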
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Mon, 2 Dec 2024 09:26:46 +0100
Subject: [PATCH 3/3] fix queuing conditions

---
 .mergify.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/.mergify.yml b/.mergify.yml
index 2fc1e2e1..1a3a746d 100644
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -1,14 +1,13 @@
 queue_rules:
 - name: default
- queue_conditions:
- - base=master
- - label~=merge-queue|dependencies
 merge_conditions:
 - check-success=buildbot/nix-build
 merge_method: rebase
 
 pull_request_rules:
 - name: refactored queue action rule
- conditions: []
+ conditions:
+ - base=master
+ - label~=merge-queue|dependencies
 actions:
 queue:
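Review bot: The relocated condition `label~=merge-queue|dependencies` is an unanchored pattern, so if Mergify's `~=` operator matches anywhere in the label (confirm against the Mergify documentation for the version in use), any label that merely contains `merge-queue` or `dependencies` would satisfy the queue-entry rule; anchoring it as `label~=^(merge-queue|dependencies)$` restricts the auto-merge gate to the two intended labels. On the new side the label and base checks exist only under `pull_request_rules`, while `merge_conditions` for the `default` queue checks just `check-success=buildbot/nix-build`, so a short comment above `conditions:` noting that queue entry is the only point where the label is evaluated would help the next maintainer reason about the gate.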