| 26 Apr 2025 |
 K900 ⚡️ | You use the agenix HM module | 07:00:30 |
| K900 ⚡️ | And then use HM's config | 07:00:36 |
 mmkaram | so use
age.secrets = {};
in my home.nix?
| 07:01:24 |
| mmkaram | how would I access those variables in other parts of my home.nix
| 07:01:54 |
| mmkaram | again I'm used to the config.age.secrets syntax
| 07:02:11 |
| K900 ⚡️ | You use config.age.secrets | 07:05:47 |
| K900 ⚡️ | Where config is passed down from HM | 07:05:54 |
| K900 ⚡️ | You don't need to do that explicitly | 07:06:11 |
| mmkaram | seriously? my lsp says it can't find config which checks out because it's not an input to the home function
| 07:07:01 |
| K900 ⚡️ | You add it as an argument | 07:07:15 |
| mmkaram | okaaaay, and I can access the path from that I think, config.age.secrets.whatever.path
| 07:11:33 |
| mmkaram | how would I get what's actually in the value | 07:11:51 |
| mmkaram | builtins.readFile?
| 07:11:56 |
| K900 ⚡️ | That would entirely break the security model of agenix | 07:12:22 |
| mmkaram | right yeah that makes sense | 07:12:35 |
| K900 ⚡️ | The whole point of agenix is that your secrets are never visible at eval time | 07:12:36 |
| mmkaram | realized that after I wrote that message | 07:12:59 |
| mmkaram | how do most people go about reading the value | 07:13:08 |
| K900 ⚡️ | You don't | 07:13:12 |
| K900 ⚡️ | You need the application to read that file at runtime | 07:13:20 |
| K900 ⚡️ | Somehow | 07:13:26 |
| K900 ⚡️ | How exactly depends on the application | 07:13:34 |
| mmkaram | interesting | 07:14:31 |
|  ruby joined the room. | 14:41:13 |
 @r522:matrix.org | generally speaking, services that handle secrets will let you pass them as a file (as in, you enter the filename)
like my listenbrainz-mpd config
services.listenbrainz-mpd = {
enable = true;
settings = {
submission = {
token_file = config.age.secrets.listenbrainz-mpd-token.path;
};
};
};
| 20:21:58 |
 tebriel | and sometimes they don't and you have to bend over backwards to find a way to inject them in another manner! (I feel icky about this script I wrote)
xdg.configFile."mcphub/servers.json" = {
source = jsonFormat.generate "servers.json" {
mcpServers = {
github-mcp = {
command = lib.getExe (
pkgs.writeShellApplication {
name = "github-mcp-server";
runtimeInputs = [pkgs-unstable.github-mcp-server];
text = ''
GITHUB_PERSONAL_ACCESS_TOKEN=$(cat ${osConfig.age.secrets."github-mcp-token".path})
export GITHUB_PERSONAL_ACCESS_TOKEN
${lib.getExe pkgs-unstable.github-mcp-server} "$@"
'';
}
);
args = ["stdio"];
env = {};
};
};
};
};
| 20:41:54 |
| 27 Apr 2025 |
|  luzifer2222 changed their display name from luzifer2222 to bitfoo. | 17:17:52 |
| 30 Apr 2025 |
|  Edward Hesketh joined the room. | 20:05:01 |
| 1 May 2025 |
|  Rosuavio changed their display name from Rosario Pulella to Rosuavio. | 20:08:35 |
| 3 May 2025 |
|  harm94 joined the room. | 09:34:17 |
