| 11 Jul 2023 |
@2xsaiko:tchncs.de | oh cool! (though, having flake compat would require completely different implementation in nix itself from what I understand, right?) | 00:21:05 |
emily | yeah | 00:38:57 |
emily | it was more "Nix isn't going to add a fetcher for something Nixpkgs doesn't even support" | 00:39:05 |
PowerUser64 | In reply to @2xsaiko:tchncs.de PowerUser64: usually I think you'd patch dlopen calls to point to absolute paths (if the library path is known at build time) or looked up relative to environment variables, like for example QT_PLUGIN_PATH. Ask in the #nix:nixos.org channel though, I think that's the better place to ask for how to do this Thanks! I was actually able to find help on the nixos forum. It turned out I needed to use NIX_LDFLAGS to make ld give the program the things it needed. | 00:49:01 |
| Ash joined the room. | 16:07:17 |
| Pyrox [Fox/It/She] changed their display name from Pyrox [ She/They/Xem ] to Pyrox [ It/She/They/Xem ]. | 20:43:38 |
| 12 Jul 2023 |
beect | is there an idiomatic way to produce a path relative to the root of the flake repo? i want to replace imports = [ ../../common/users.nix ] with something like imports = [ ${self}/nixos/common/users.nix ] | 11:57:33 |
CRTified | Not tested, but shouldn't self.outPath work there? | 11:58:02 |
beect | i've tried a bunch of variations on /${self.outPath}/nixos/common/users.nix - it complains that "a string that refers to a store path cannot be appended to a path" | 12:17:54 |
@2xsaiko:tchncs.de | beect: both ${self} and ${self.outPath} work for me, are you sure your self is the one you get passed to your flake outputs function? | 12:57:37 |
@2xsaiko:tchncs.de | i.e. { outputs = { self }: { myPath = "${self}"; }; } => nix eval .#myPath => "/nix/store/..." | 12:58:37 |
@2xsaiko:tchncs.de | oh | 12:59:42 |
@2xsaiko:tchncs.de | it should be imports = [ "${self}/nixos/common/users.nix" ], with the quotes | 13:00:04 |
@2xsaiko:tchncs.de | or (self + /nixos/common/users.nix) | 13:01:27 |
Ilan Joselevich (Kranzes) | In reply to @crtified:crtified.me Not tested, but shouldn't self.outPath work there? even just "${self}" would work because of string interpolation | 13:07:28 |
Ilan Joselevich (Kranzes) | another design choice is to expose these common modules as nixosModules flake outputs | 13:08:08 |
beect | ah yup, using a string instead of a path works. thanks. it's a little ugly, thanks for the pointer to nixosModules. | 13:22:20 |
| 13 Jul 2023 |
| vcunat changed their display name from @vcunat to vcunat. | 08:27:42 |
moots | anyone know their way around managing secrets in nix flakes (outside nixos)?
i tried using an output with pkgs.runCommand running agenix to decrypt them in sequence before generating the proper output (a generated file, which needs them), but i hit the wall that i can't access the user's private keys like ~/.ssh/id_rsa since that doesn't seem to be possible impurely
i'm trying to have encrypted secrets in the repo and have the flake decrypt them using the user's private keys and generate a config file which uses the decrypted secrets contents
| 14:44:41 |
moots | * anyone know their way around managing secrets in nix flakes (outside nixos)?
i tried using an output with pkgs.runCommand running agenix to decrypt them in sequence before generating the proper output (a generated file, which needs them), but i hit the wall that i can't access the user's private keys like ~/.ssh/id_rsa since that doesn't seem to be possible impurely
i'm trying to have encrypted secrets in the repo and have the flake decrypt them using the user's private keys and generate a config file which uses the decrypted secrets contents (and in future have them accessible by any sub flake/potential flake built nixos configurations) | 14:46:01 |
@petrichor:envs.net | moots: I have handled this using git-crypt in my desktop nixos config if that's any help? decrypted by git rather than nix itself so isn't affected by the purity restrictions but doesn't work in all situations | 14:49:43 |
moots | i don't think git crypt would work fine for me | 15:03:47 |
moots | * i don't think git crypt would work fine for me, alone by not being able to use an ssh key for that | 15:05:46 |
moots | * i don't think git crypt would work fine for me, alone by not being able to use an ssh key for that, and i would have hoped for an agenix-similar workflow | 15:06:42 |
CRTified | So it's likely that sops-nix or agenix don't fit your usecase as well, correct? | 15:07:02 |
moots | i would love to use agenix, but it doesn't work outside nixos | 15:07:37 |
CRTified | sops-nix relies on sops, which works outside of nixos 🙂 | 15:07:56 |
moots | i even tried to hack around it
```
config-tf = (pkgs.runCommand "config-tf"
  { }
  (''
    set -x
    export RULES=${./secrets.nix}
    export HOME=/home/fabi
    export IDENTITIES="~/.ssh/"
    cd ${secrets.age.path}
  '' + (nixpkgs.lib.concatStringsSep "\n" (nixpkgs.lib.mapAttrsToList (name: value: "${agenix.packages.${system}.agenix}/bin/agenix -d ${builtins.baseNameOf value.file} > $out/${builtins.replaceStrings [".age"] [""] (builtins.baseNameOf value.file)}") secrets.age.secrets))
  )
);
```
| 15:08:04 |
CRTified | oh yeah, agenix uses age as well, true | 15:08:33 |
moots | but you can't access the ssh keys from inside the flake | 15:08:34 |