From b0a48f587e7e52d88707832c8fb1142484a457a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alu=C3=ADsio=20Augusto=20Silva=20Gon=C3=A7alves?=
 <aluisio@aasg.name>
Date: Tue, 22 Dec 2020 01:34:35 -0300
Subject: [PATCH] correctly list non-root secrets

Secrets that are only partly owned by root (i.e. either user or group
are not 'root') are now accounted for during activation.
---
 modules/age.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/age.nix b/modules/age.nix
index d645ae8..974af50 100644
--- a/modules/age.nix
+++ b/modules/age.nix
@@ -23,7 +23,7 @@ let
   rootOwnedSecrets = builtins.filter (st: st.owner == "root" && st.group == "root") (builtins.attrValues cfg.secrets);
   installRootOwnedSecrets = builtins.concatStringsSep "\n" (["echo '[agenix] decrypting root secrets...'"] ++ (map installSecret rootOwnedSecrets));
 
-  nonRootSecrets = builtins.filter (st: st.owner != "root" && st.group != "root") (builtins.attrValues cfg.secrets);
+  nonRootSecrets = builtins.filter (st: st.owner != "root" || st.group != "root") (builtins.attrValues cfg.secrets);
   installNonRootSecrets = builtins.concatStringsSep "\n" (["echo '[agenix] decrypting non-root secrets...'"] ++ (map installSecret nonRootSecrets));
 
   secretType = types.submodule ({ config, ... }: {