!XLCFfvFhUkYwOMLbVx:nixos.org

agenix

age-encrypted secrets for NixOS https://github.com/ryantm/agenix/


Sender Message Time
23 Feb 2025
@phuetter:matrix.org Patrick

Hi, I can't get agenix working. Does somebody have an idea why my tailscale.age isn't getting placed onto the host?

❯ nix run github:zhaofengli/colmena -- apply --experimental-flake-eval --on host-1 --show-trace
warning: ignoring untrusted substituter 'https://colmena.cachix.org', you are not a trusted user.
Run `man nix.conf` for more information on the `substituters` configuration option.
warning: ignoring the client-specified setting 'trusted-public-keys', because it is a restricted setting and you are not a trusted user
warning: Git tree '/Users/user/Workspace/project/infrastructure-as-code' is dirty
[INFO ] Using flake: git+file:///Users/user/Workspace/project/infrastructure-as-code?dir=nixos
warning: Git tree '/Users/user/Workspace/project/infrastructure-as-code' is dirty
warning: will not write lock file of flake 'path:/private/tmp/colmena-assets-r8xdrZ' because it has an unlocked input ('git+file:///Users/user/Workspace/project/infrastructure-as-code?dir=nixos')
[WARN ] Using direct flake evaluation (experimental)
[INFO ] Enumerating nodes...
warning: Git tree '/Users/user/Workspace/project/infrastructure-as-code' is dirty
warning: Git tree '/Users/user/Workspace/project/infrastructure-as-code' is dirty
warning: Git tree '/Users/user/Workspace/project/infrastructure-as-code' is dirty
[INFO ] Selected 1 out of 3 hosts.
             ❌ 3s Failed: Child process exited with error code: 1
host-1       ❌ 3s Evaluation failed: Child process exited with error code: 1                                                                                                     
[ERROR] Failed to evaluate host-1 - Last 20 lines of logs:
[ERROR]   stderr)           621|                   [{ inherit (module) file; inherit value; }]
[ERROR]   stderr)              |                                                     ^
[ERROR]   stderr)           622|                 )
[ERROR]   stderr) 
[ERROR]   stderr)        … while calling the 'concatStringsSep' builtin
[ERROR]   stderr)          at /nix/store/glsqq1xn5al7d528hvlbm4hl3ladxmka-source/modules/age.nix:114:20:
[ERROR]   stderr)           113|
[ERROR]   stderr)           114|   installSecrets = builtins.concatStringsSep "\n" (
[ERROR]   stderr)              |                    ^
[ERROR]   stderr)           115|     ["echo '[agenix] decrypting secrets...'"]
[ERROR]   stderr) 
[ERROR]   stderr)        … while calling 'installSecret'
[ERROR]   stderr)          at /nix/store/glsqq1xn5al7d528hvlbm4hl3ladxmka-source/modules/age.nix:64:19:
[ERROR]   stderr)            63|
[ERROR]   stderr)            64|   installSecret = secretType: ''
[ERROR]   stderr)              |                   ^
[ERROR]   stderr)            65|     ${setTruePath secretType}
[ERROR]   stderr) 
[ERROR]   stderr)        error: path '/nix/store/lrfilxp20f920zgvm3bn71h6wsnp037y-source/nixos/secrets/tailscale.age' does not exist
[ERROR]  failure) Child process exited with error code: 1
[ERROR] Failed to complete requested operation - Last 1 lines of logs:
[ERROR]  failure) Child process exited with error code: 1
[ERROR] -----
[ERROR] Operation failed with error: Child process exited with error code: 1
Hint: Backtrace available - Use `RUST_BACKTRACE=1` environment variable to display a backtrace
14:12:08
@elikoga:matrix.org elikoga Run git add . and try again 15:19:40
@phuetter:matrix.org Patrick elikoga: you are my hero! <3 This worked! So simple! I was searching for this bug / problem for a few hours, did set up a few machines again and again and couldn't fix this problem. Wow, so simple! 19:28:56
@elikoga:matrix.org elikoga It's related to the fact that nix flakes in a git repository only copy git tracked files to the store 19:29:34
@phuetter:matrix.org Patrick elikoga: awesome and very important to know! I started with nix a few days ago, coming from normal linux distributions and ansible provisioning. So this will help me to understand more things within nixos-space :) 19:30:43
25 Feb 2025
@horigome:matrix.org @horigome:matrix.org joined the room. 19:26:36
@horigome:matrix.org @horigome:matrix.org I'm so lost... have been using agenix for a couple of years no problem. Now none of my secrets are decrypted, e.g., when running darwin-rebuild... 19:31:39
@horigome:matrix.org @horigome:matrix.org When running darwin-rebuild I always noticed the decryption step but now it's gone 19:33:32
@horigome:matrix.org @horigome:matrix.org no error or warning or nothing 19:33:38
@horigome:matrix.org @horigome:matrix.org works fine on my nixos machines 19:34:53
@horigome:matrix.org @horigome:matrix.org how can I debug this 19:35:32
@horigome:matrix.org @horigome:matrix.org would it fail if it is unable to decrypt? 19:37:57
@horigome:matrix.org @horigome:matrix.org e.g., in the activation stage 19:38:11
@horigome:matrix.org @horigome:matrix.org 🤦 20:05:13
@horigome:matrix.org @horigome:matrix.org Figured it out. 20:05:19
