8 Mar 2025 |
laurent | Hi there, I'm new to the NixOS ecosystem. I asked a question on the agenix discussion page https://github.com/ryantm/agenix/discussions/312, regarding agenix asking for my passkey passphrase on boot, with no timeout. The NixOS logo will spin forever unless I press Esc at the right time (otherwise, if I press too late, the boot sequence is basically frozen). Any tip on how to avoid this without having a private key without a passphrase? | 06:08:59 |
K900 ⚡️ | That's not really the intended use case | 06:19:48 |
K900 ⚡️ | You probably want full disk encryption | 06:20:00 |
laurent | In reply to @k900:0upti.me: "That's not really the intended use case." What do you mean? What is the intended use case? My understanding is that it's just for encrypting passwords, tokens... with my private SSH key so that I can put my NixOS config on GitHub | 06:23:43 |
K900 ⚡️ | Yes, but it's not really designed to be used interactively | 06:41:00 |
K900 ⚡️ | The way you're trying to use it | 06:41:04 |
K900 ⚡️ | If you want that kind of thing, you should encrypt to a secret like your machine's SSH host key | 06:41:21 |
K900 ⚡️ | That is stored on an encrypted disk | 06:41:29 |
laurent | In reply to @k900:0upti.me: "If you want that kind of thing, you should encrypt to a secret like your machine's SSH host key." Hmm, I think I wasn't clear, sorry. I don't want the boot sequence to be interactive and asking for my SSH host key password. Maybe I didn't set up my SSH key well enough with Nix? | 07:06:43 |
K900 ⚡️ | You don't want any password prompts at all? | 07:07:03 |
K900 ⚡️ | Then you just need to encrypt to your SSH host key | 07:07:16 |
K900 ⚡️ | Not your user key | 07:07:19 |
laurent | In reply to @k900:0upti.me: "You don't want any password prompts at all?" I don't want a password prompt hanging in the boot sequence, as it freezes my machine, and the "asking for password" prompt is hidden behind the NixOS boot logo. I'm used to only having one SSH key on other Linux distros, so I probably didn't set things up properly by having the same key for host and user. I'll investigate! | 07:16:23 |
K900 ⚡️ | The host key is not something you need to manually create | 07:16:52 |
K900 ⚡️ | It's created when you start sshd for the first time, in /etc/ssh/ssh_host_key_ed25519 | 07:17:05 |
laurent | Ahh, thx, I wasn't even aware of this folder! I put my key in my ~/.ssh as on other Linux! | 07:20:11 |
K900 ⚡️ | Those are different keys | 07:20:23 |
K900 ⚡️ | Your key in ~/.ssh identifies your user | 07:20:28 |
K900 ⚡️ | The host key in /etc/ssh identifies the machine | 07:20:35 |
laurent | Got it! And when I set up agenix, I encrypted with my user key, which I then use in the identityfile option of agenix! So I should have encrypted with the host machine's key, correct? But this host SSH key is automatically regenerated on a new NixOS install? | 07:25:13 |
K900 ⚡️ | You encrypt with the public part of the host key | 07:25:36 |
K900 ⚡️ | And then it's decrypted with the private part | 07:25:43 |
K900 ⚡️ | And yes, the host key is generated per machine | 07:25:48 |
K900 ⚡️ | So you probably want to also encrypt to your own user key, so you can access the secrets if you don't have any of the host keys | 07:26:06 |
laurent | Thx! I did everything the wrong way then. So the host key obviously needs to be backed up. I'll check some docs to see how to reinstall it the Nix way on a fresh install. Thx a lot for your help | 07:29:13 |
Valodim | It does not need to be backed up. Just create a new one and rekey on redeployment | 07:49:26 |