From 82976b0b61ecbb32f36b19538b369a2d1c950565 Mon Sep 17 00:00:00 2001
From: Charlotte Van Petegem
Date: Sun, 29 Jun 2025 16:47:02 +0200
Subject: [PATCH] Don't let agenix put files directly into the home dir
---
 modules/nixos/graphical/mail/default.nix | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/modules/nixos/graphical/mail/default.nix b/modules/nixos/graphical/mail/default.nix
index ba694972..afc1c484 100644
--- a/modules/nixos/graphical/mail/default.nix
+++ b/modules/nixos/graphical/mail/default.nix
@@ -217,7 +217,7 @@ in
 ];
 };
 };
- home-manager.users.charlotte = { ... }: {
+ home-manager.users.charlotte = { lib, ... }: {
 accounts.email = {
 maildirBasePath = "/home/charlotte/mail";
 accounts = {
@@ -283,7 +283,15 @@ in
 };
 };
 };
- home.packages = [ pkgs.oauth2ms ];
+ home = {
+ # We can't just use agenix' `.path` option, since agenix creates the necessary directories as root
+ # This leaves root-owned directories in the home directory, messing up the rest of the boot sequence
+ activation.linkOauth2msConfig = lib.hm.dag.entryAfter ["writeBoundary"] ''
+ run mkdir -p $VERBOSE_ARG $HOME/.config/oauth2ms
+ run ln -s $VERBOSE_ARG ${config.age.secrets."files/programs/oauth2ms".path} $HOME/.config/oauth2ms/config.json
+ '';
+ packages = [ pkgs.oauth2ms ];
+ };
 programs = {
 mbsync.enable = true;
 msmtp.enable = true;
@@ -329,7 +337,6 @@ in
 age.secrets."files/programs/oauth2ms" = {
 file = ../../../../secrets/files/programs/oauth2ms.age;
 owner = "charlotte";
- path = "/home/charlotte/.config/oauth2ms/config.json";
 };
 };
 }
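Review bot: The `run ln -s` line in `activation.linkOauth2msConfig` (second hunk) has no `-f`, so it fails with "File exists" whenever `$HOME/.config/oauth2ms/config.json` is already there — on every activation after the first, and probably on the first one too if the link agenix used to place at that path is still present. Home-manager activation scripts run with errexit as far as I know, so that failure would stop the activation rather than just print a warning. I would write it as `run ln -sf $VERBOSE_ARG ${config.age.secrets."files/programs/oauth2ms".path} "$HOME/.config/oauth2ms/config.json"` and quote `"$HOME/.config/oauth2ms"` in the `mkdir` line as well. Access to the token config is still decided by the `owner` set on the agenix secret in the last hunk, since the link only points at agenix's default location; a short comment saying so next to the `ln` would help the next reader.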