From 8bad14fe08ad5dfb6bcb86834f0bf591413b7e8a Mon Sep 17 00:00:00 2001
From: Kazutoshi Noguchi <noguchi.kazutosi+Az0Gjft4@gmail.com>
Date: Thu, 1 Jul 2021 14:08:19 +0900
Subject: [PATCH] run activation scripts after /run mount

---
 modules/age.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/age.nix b/modules/age.nix
index 9cd72b3..308753d 100644
--- a/modules/age.nix
+++ b/modules/age.nix
@@ -111,10 +111,10 @@ in
 
     # Secrets with root owner and group can be installed before users
     # exist. This allows user password files to be encrypted.
-    system.activationScripts.agenixRoot.text = installRootOwnedSecrets;
+    system.activationScripts.agenixRoot = stringAfter [ "specialfs" ] installRootOwnedSecrets;
     system.activationScripts.users.deps = [ "agenixRoot" ];
 
     # Other secrets need to wait for users and groups to exist.
-    system.activationScripts.agenix = stringAfter [ "users" "groups" ] installNonRootSecrets;
+    system.activationScripts.agenix = stringAfter [ "users" "groups" "specialfs" ] installNonRootSecrets;
   };
 }