sops: Ensure BW_SESSION and SOPS_AGE_KEY are only fetched if not already defined

2026-01-21 14:01:34 +01:00 · 2025-12-25 23:28:22 +01:00 · 2025-12-25 23:28:22 +01:00 · 312036e7a7
commit 312036e7a7
parent e3479f2070
2 changed files with 14 additions and 7 deletions
--- a/flake-parts/install-anywhere.nix
+++ b/flake-parts/install-anywhere.nix
@ -37,10 +37,14 @@ _: {
          echo "$new_age_key" > "hosts/$host/keys/age.pub"
          echo "==> Updating SOPS secrets..."
-          BW_SESSION="$(bw unlock --raw || bw login --raw)"
+          if ! declare -px BW_SESSION >/dev/null 2>&1; then
-          export BW_SESSION
+            BW_SESSION="$(bw unlock --raw || bw login --raw)"
-          SOPS_AGE_KEY="$(bw get notes 'admin age-key')"
+            export BW_SESSION
-          export SOPS_AGE_KEY
+          fi
          if ! declare -px SOPS_AGE_KEY >/dev/null 2>&1; then
            SOPS_AGE_KEY="$(bw get notes 'admin age-key')"
            export SOPS_AGE_KEY
          fi
          SOPS_CONFIG="$(nix build .#sops-config --print-out-paths)"
          export SOPS_CONFIG
          sops updatekeys --yes "hosts/$host/secrets.json"
--- a/flake-parts/sops.nix
+++ b/flake-parts/sops.nix
@ -49,11 +49,14 @@
        nativeBuildInputs = [ pkgs.bitwarden-cli ];
        shellHook = ''
-          if BW_SESSION="$(bw unlock --raw || bw login --raw)"; then
+          if ! declare -px BW_SESSION >/dev/null 2>&1; then
            BW_SESSION="$(bw unlock --raw || bw login --raw)"
            export BW_SESSION
          fi
-          SOPS_AGE_KEY="$(bw get notes 'admin age-key')"
+          if ! declare -px SOPS_AGE_KEY >/dev/null 2>&1; then
-          export SOPS_AGE_KEY
+            SOPS_AGE_KEY="$(bw get notes 'admin age-key')"
            export SOPS_AGE_KEY
          fi
          SOPS_CONFIG="${self'.packages.sops-config}"
          export SOPS_CONFIG
        '';