30 Apr 2025 |
| Edward Hesketh joined the room. | 20:05:01 |
1 May 2025 |
| Rosuavio changed their display name from Rosario Pulella to Rosuavio. | 20:08:35 |
3 May 2025 |
| harm94 joined the room. | 09:34:17 |
harm94 | I have this error and I don't understand it. Is there anybody who can help me?
[harm@aio:~/projects/nixos/secrets]$ cat secrets.nix
let
  aio = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG0/2T/L1gv2z0pNG7qZqmYxkHN8vMI77NVjvXUM/jFk";
  laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFBEV2FKHC4sP0brw8xqSHY5A6HXrwYGysYjCX4A9y2/";
  systems = [ aio laptop ];
in
{
  "openai_api_key.age".publicKeys = systems;
}
[harm@aio:~/projects/nixos/secrets]$ agenix -v -e openai_api_key.age
Error:
0: Failed to find config root
Location:
src/cli.rs:216
| 09:37:41 |
harm94 | It was because I had installed agenix from unstable. Now it works.
# unstable.agenix-cli
(pkgs.callPackage <agenix/pkgs/agenix.nix> {})
| 09:56:59 |
4 May 2025 |
| fwam changed their profile picture. | 14:16:16 |
| Sam changed their display name from Sam (away → 5/5) to Sam. | 15:42:04 |
5 May 2025 |
| titaniumtown changed their display name from titaniumtown (they/them) to titaniumtown. | 20:42:47 |
6 May 2025 |
| birdadmirer joined the room. | 18:48:44 |
| pinkybrain joined the room. | 22:55:21 |
7 May 2025 |
| @nemnix:matrix.org joined the room. | 14:51:41 |
@nemnix:matrix.org | I have been working on a setup where I can see the secrets in the containers located in /run/agenix. The issue now is that these files are only readable by root, but I need them to be readable by the authelia-main user. I have attempted to configure this in the agenix module, but I keep encountering an error.
Here is my configuration:
authelia.nix
containers.authelia = {
  autoStart = true;
  privateNetwork = false;
  bindMounts."${config.age.secrets.authelia_jwtSecret.path}".isReadOnly = true;
  bindMounts."${config.age.secrets.authelia_sessionSecret.path}".isReadOnly = true;
  bindMounts."${config.age.secrets.authelia_storageEncryptionKey.path}".isReadOnly = true;
  ...
  secrets = {
    jwtSecretFile = "/run/agenix/authelia_jwtSecret";
    sessionSecretFile = "/run/agenix/authelia_sessionSecret";
    storageEncryptionKeyFile = "/run/agenix/authelia_storageEncryptionKey";
  };
};
agenix.nix
authelia_jwtSecret = {
  file = ../secrets/authelia_jwtSecretFile.age;
  owner = "authelia-main";
  group = "authelia-main";
};
authelia_sessionSecret = {
  file = ../secrets/authelia_sessionSecretFile.age;
  owner = "authelia-main";
  group = "authelia-main";
};
authelia_storageEncryptionKey = {
  file = ../secrets/authelia_storageEncryptionKeyFile.age;
  owner = "authelia-main";
  group = "authelia-main";
};
However, when I try to apply this configuration, I receive the following error:
[agenix] chowning...
chown: invalid user: ‘authelia-main:authelia-main’
chown: invalid user: ‘authelia-main:authelia-main’
chown: invalid user: ‘authelia-main:authelia-main’
| 15:25:50 |
8 May 2025 |
| isabel changed their profile picture. | 08:58:24 |
| 98765abc changed their profile picture. | 11:35:15 |
10 May 2025 |
| 522 [it/its][ΘΔ] changed their display name from 522 to 522 [it/its][ΘΔ]. | 18:07:13 |
| Edward Hesketh changed their display name from Edward Hesketh to headb. | 19:44:59 |
| @strutztm:strutztm.de left the room. | 19:53:44 |
| Edward Hesketh changed their display name from headb to Edward Hesketh. | 23:32:18 |
11 May 2025 |
| @nemnix:matrix.org removed their profile picture. | 01:27:19 |
| dgrig joined the room. | 20:34:05 |
13 May 2025 |
| kraem changed their profile picture. | 13:54:57 |
17 May 2025 |
| oddlama changed their display name from oddlama to Malte. | 20:12:11 |
18 May 2025 |
xored | i have a container that doesn't allow env vars or anything like that, is there an external tool i can run within nix that would interpolate a secret in a yaml file? | 22:31:51 |
xored | i could also write the yaml in nix so if there are any helps other than builtin.readFile or similar (not recommended) plz let me know | 22:32:30 |
xored | or i could do a sed on container startup | 22:33:01 |
xored | let me know what you guys usually do | 22:33:08 |
19 May 2025 |
| Andrew Selvia joined the room. | 08:25:55 |