1 Dec 2021 |
ultranix | maybe I don't understand agenix | 23:40:02 |
Pacman99 | Well if you set something like users.users.ultranix.passwordFile = "/run/secrets/password" that has to be updated | 23:41:14 |
ultranix | yeah, I have exactly that | 23:43:36 |
ultranix | do you understand how that works? I didn't think passwordFile reads it outside of doing a system rebuild | 23:44:09 |
Pacman99 | I think /etc/shadow gets updated on activation, and the current generation's activation script gets run on startup | 23:45:26 |
ultranix | ah, OK. thanks for the info | 23:48:15 |
David Arnold (blaggacao) | Download 0001-Fix-parent-path-check-boundary.patch | 23:53:32 |
David Arnold (blaggacao) | ^^ we're going back to the roots & traditional again 😄 | 23:54:20 |
David Arnold (blaggacao) | Who said people couldn't live happy lives 200 years ago? 😸 | 23:54:44 |
ultranix | it works, thank you Pacman99! | 23:55:09 |
ultranix | In reply to @blaggacao:matrix.org sent a file. what's this for? | 23:55:37 |
Pacman99 | We should update secrets.md in devos then | 23:55:48 |
ultranix | well, stable would still look for /run/secrets, I suppose | 23:56:47 |
Pacman99 | Ohh, true. Yeah, I'm not sure if there's anything we can do then | 23:57:15 |
Pacman99 | update agenix, I guess, then switch secrets.md | 23:57:28 |
David Arnold (blaggacao) | In reply to @ultranix:matrix.org what's this for? revert https://github.com/divnix/digga/commit/9c5115fa6143f51851f58055f0e2ecb9253ff15d | 23:58:22 |
David Arnold (blaggacao) | ^^ this breaks the inner local check-feedback-loop. | 23:58:53 |
2 Dec 2021 |
ultranix | ah | 00:06:07 |
ultranix | I never liked the idea of subflakes anyways; is that widely used somewhere else? | 00:06:26 |
ultranix | it's understandable for the examples part though | 00:06:44 |
ultranix | by the way, I still found a lot of use for git-crypt. I use it to encrypt secrets in public repositories | 00:12:34 |
ultranix | I could not figure out how to do that with the agenix replacement | 00:12:45 |
ultranix | stringPassword = "${builtins.readFile ./secrets/password}" | 00:13:27 |
ultranix | agenix only works for deployment keys | 00:13:47 |
ultranix | afaict, it doesn't work well otherwise | 00:14:07 |
ultranix | * by the way, I still found a lot of use for git-crypt. I use it to encrypt string secrets in public repositories | 00:16:22 |
ultranix | I don't see any other way to do it though. I wish I could avoid involving a gpg private key; one ssh key is much simpler to use | 00:22:08 |
David Arnold (blaggacao) | In reply to @ultranix:matrix.org I never liked the idea of subflakes anyways; is that widely used somewhere else? At the very least it is a way of placing multiple flake-guarantees-backed interfaces into a big project, such that you can't break (../../) out of the flake boundary. That's actually nice if you are tasked with auditing a big chunk of nix code. | 00:46:21 |
David Arnold (blaggacao) | In reply to @ultranix:matrix.org stringPassword = "${builtins.readFile ./secrets/password}" that looks like you try to manipulate secrets ahead of their final use? Or is it conceptually that you wanna use them in some sort of local script? | 00:47:56 |
David Arnold (blaggacao) | I'm trying to figure out the bigger / biggest picture. | 00:49:30 |