5 Dec 2022 |
REASON...UNKNOWN | Is anyone using agenix with deploy-rs? deploy-rs fails telling me that `/nix/store/xxxx-source/secrets` does not exist | 02:22:39 |
ryantm | REASON...UNKNOWN: can you share your relevant NixOS config? | 02:30:03 |
REASON...UNKNOWN | This is my flake.nix https://0x0.st/ok0G.nix | 02:31:48 |
REASON...UNKNOWN | I can share one of the hosts too | 02:32:02 |
ryantm | It would help to see all the lines for agenix at least. | 02:33:00 |
REASON...UNKNOWN | aaa/host.nix https://0x0.st/ok0n.nix | 02:33:51 |
REASON...UNKNOWN | And configuration in a sec | 02:34:02 |
REASON...UNKNOWN | https://0x0.st/ok07.nix | 02:36:23 |
REASON...UNKNOWN | That's all the agenix stuff, except for secrets/secrets.nix | 02:38:00 |
ryantm | Looks pretty good. | 02:38:09 |
ryantm | I don't typically use path + string for the file config so it would be a debugging step to write the real path out there. | 02:38:51 |
ryantm | Also double check you've staged the secrets into your flake repo. | 02:39:38 |
REASON...UNKNOWN | Ah that is likely it. I have only an inkling that the repo contents affect things | 02:40:44 |
REASON...UNKNOWN | secrets dir explicitly left out of repo in .gitignore | 02:40:59 |
REASON...UNKNOWN | Yeah. Seems to be working now. | 02:43:06 |
REASON...UNKNOWN | So I really have no choice but to commit secrets to my repo? | 02:43:35 |
9 Dec 2022 |
pl1y | regarding the template discussion: current agenix decrypts the secret and writes it to disk. if someone needs post processing (transforming the secret, combining it with other config) one can use the `system.activationScripts` to read said secret and write it to another file, but needs to make sure it has the correct permissions and it's not committed to the nix store by accident. | 12:46:47 |
pl1y | there is currently a pull request that would introduce templates, so one could specify a template with `@secret1@` template variables, and those would be replaced by the secrets, and handle the permissions. | 12:48:56 |
pl1y | have you thought about adding a more general "transform" attribute for each secret? you could specify a script there. agenix would then write the secret to the stdin of said script and write the script's stdout to the file. this way also more complex transformations would be possible. perhaps agenix could even provide a default implementation of said script: the secret could be a toml/ini/json/yaml file that defines the variables, a command line argument of the script could point to a template. the default could be a simple `cat` that does not transform anything. | 12:53:30 |
jhillyerd | I'd love to see something like this in agenix. I spent many hours getting templates working for myself, it definitely feels like advanced nix, and is a roadblock to adopting flake based nix deployments. | 17:30:01 |