From 9f4f1c0e65f99122a594c57d3491c9c8ded196e0 Mon Sep 17 00:00:00 2001
From: Martijn de Munnik <martijndemunnik@protonmail.com>
Date: Tue, 22 Oct 2024 10:19:47 +0000
Subject: [PATCH] Update modules/sops/default.nix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
---
 modules/sops/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/sops/default.nix b/modules/sops/default.nix
index a3e35015..8a68ad10 100644
--- a/modules/sops/default.nix
+++ b/modules/sops/default.nix
@@ -333,7 +333,7 @@ in {
             (builtins.isString secret.sopsFile && lib.hasPrefix builtins.storeDir secret.sopsFile);
           message = "'${secret.sopsFile}' is not in the Nix store. Either add it to the Nix store or set sops.validateSopsFiles to false";
         } {
-          assertion = secret.owner == "" && secret.uid != null || secret.owner != "" && secret.uid == null;
+          assertion = secret.owner != "root" && secret.uid != null || secret.owner != "root" && secret.uid == null;
           message = "In ${secret.name} exactly one of sops.owner and sops.uid must be set";
         } {
           assertion = secret.group == "" && secret.gid != null || secret.group != "" && secret.gid == null;