| 4 Dec 2024 |
 LordKekz | Nice! I'm glad I could help :) | 12:59:27 |
|  OrfeasZ joined the room. | 17:36:44 |
| OrfeasZ | Hello, I'm having an issue with agenix and was wondering if anybody has any solutions: I have an OCI container that uses an environment file that's decrypted by agenix. However, agenix seems to always use the same path for that file (/run/agenix/whatever.env) even when its contents change. This makes it so when I update the env file and rebuild my system, the container doesn't get rebuilt since the path hasn't changed. | 17:38:31 |
| OrfeasZ | * Hello, I'm having an issue with agenix and was wondering if anybody has any solutions: I have an OCI container that uses an environment file that's decrypted by agenix. However, agenix seems to always use the same path for that file (/run/agenix/whatever.env) even when its contents change. This makes it so when I update the env file and rebuild my system, the container doesn't get recreated since the path hasn't changed. | 17:42:54 |
| OrfeasZ | Alright, looks like I was able to work around this by making agenix use a hash of the encrypted file as the file name:
age.secrets."my-secret" = {
file = ./my-secret.age;
name = builtins.hashFile "sha256" ./my-secret.age;
};
| 19:30:57 |
| OrfeasZ | not ideal, but seems to do the job for now! | 19:31:09 |
| LordKekz | Yeah.. but why do you need the container to rebuild? If it's just to make it restart on system activation, it should be possible to reload the systemd unit on activation somehow. Not sure which option you need tho. | 19:37:15 |
| OrfeasZ | Restarting the container doesn't make it pick up new environment variables. It needs to be re-created. | 19:40:13 |
| LordKekz | Ah, I see. Then you the hash thing is probably as good as it gets | 19:43:42 |
| LordKekz | * Ah, I see. Then the hash thing is probably as good as it gets | 19:43:51 |
| OrfeasZ | Yeah should be fine for now | 19:44:23 |
| OrfeasZ | Only "real issue" is that it's based on the hash of the encrypted contents and not the plain text contents, which means that the same source file re-encrypted without any changes will cause a re-creation. | 19:45:27 |
| OrfeasZ | But making it based on the plain text content also reveals that they haven't changed, which is also not great. | 19:45:52 |
| OrfeasZ | So you know, trade-offs. | 19:45:57 |
| LordKekz | I think usually the re-creation is preferrable; it rebuilding the container doesn't cause a rebuild of the container image, right? | 19:48:51 |
| OrfeasZ | Ye, it doesn't rebuild the image locally. | 19:49:35 |
| 11 Dec 2024 |
|  sheeeng joined the room. | 06:48:46 |
|  marijan changed their profile picture. | 14:20:27 |
| 12 Dec 2024 |
|  gagandeepb joined the room. | 07:52:39 |
|  Waldemar Tomme (they/them) joined the room. | 22:27:23 |
| 14 Dec 2024 |
|  @aidalgol:matrix.org left the room. | 20:35:54 |
| 19 Dec 2024 |
|  bbigras left the room. | 01:48:11 |
| 21 Dec 2024 |
|  @sleepymonad:matrix.org joined the room. | 21:18:32 |
| @sleepymonad:matrix.org set a profile picture. | 21:56:39 |
| 22 Dec 2024 |
|  @taotien:matrix.org left the room. | 05:30:43 |
|  allrealmsoflife joined the room. | 20:27:20 |
| 26 Dec 2024 |
|  nevoyu joined the room. | 01:41:14 |
| nevoyu left the room. | 01:41:59 |
|  elikoga changed their display name from elikoga to elikoga (@38c3 📞448{0,1}. | 15:21:48 |
| elikoga changed their display name from elikoga (@38c3 📞448{0,1} to elikoga (@38c3 📞448{0,1}). | 15:26:03 |
