Sender | Message | Time |
---|---|---|
4 Dec 2024 | ||
* I am a bit lost for a while using agenix with wg-quick (wireguard)
The error I get on startup is the following:
| 12:23:12 | |
* I am a bit lost for a while using agenix with wg-quick (wireguard)
The key I'm talking about is
Is somebody able to help me? Somewhere I read an issue where somebody did not have the dependency to the file being created. I thought my configuration makes sure this dependency exists. | 12:25:56 | |
Are you maybe using a master identity that isn't yet available (e.g. mounted or linked) in the boot stage when agenix first runs? I also had decryption problems when I tried using an SSH private key from my home folder which only gets mounted after boot by an impermanence systemd unit. I was able to resolve my issue by pointing agenix to the persistent directory which was already available in early boot. | 12:30:34 | |
In reply to @lordkekz:matrix.org You might be correct my ssh private key is in ~/.ssh, so that might not be available yet. | 12:32:33 | |
Also you can do `journalctl -b | grep agenix` to see the agenix logs from the initial decryption attempt at boot. (Or instead of `| grep` you can use `| less` and search for agenix, to see the surrounding lines) | 12:35:04 | |
In reply to @bjrnmrtns:matrix.org On what filesystem is your ssh key? | 12:35:56 | |
* In reply to @bjrnmrtns:matrix.org You might be correct my ssh private key is in ~/.ssh, so that might not be available yet. On what filesystem is your ssh key? | 12:36:03 | |
it is all in one partition in the root filesystem | 12:37:22 | |
so it should be accessible | 12:37:43 | |
Weird. Can you show me your `mount` output? Maybe there's some shenanigans going on anyway. | 12:38:38 | |
In reply to @lordkekz:matrix.org
| 12:39:12 | |
oh so there is a separate boot partition | 12:39:52 | |
Yeah that's always there. | 12:40:09 | |
In reply to @lordkekz:matrix.org So this might give a better clue:
| 12:41:48 | |
so it is because of the private key | 12:42:05 | |
In reply to @bjrnmrtns:matrix.org Line 4 ;-) | 12:42:54 | |
Your /home is on a separate btrfs subvolume. I think it should be fine but maybe it gets mounted too late. Make sure to set `filesystems."/home".neededForBoot = true;` in your config, maybe that can help ensure it gets mounted early. | 12:44:24 | |
In reply to @bjrnmrtns:matrix.org Just as suspected! | 12:45:29 | |
In reply to @lordkekz:matrix.org Beware typos tho | 12:46:32 | |
* In reply to @lordkekz:matrix.org Your /home is on a separate btrfs subvolume. I think it should be fine but maybe it gets mounted too late. Make sure to set filesystems."/home".neededForBoot = true; in your config, maybe that can help ensure it gets mounted early. Beware typos tho, since I'm on my phone and just doing it from memory | 12:47:02 | |
In reply to @lordkekz:matrix.org That makes a lot of sense. I'm going to try it and report back. Thanks a lot so far! | 12:48:34 | |
In reply to @lordkekz:matrix.org fileSystems."/home".neededForBoot = true; did the trick. Thanks a lot for the help with debugging. I was fighting this problem already a few times, but couldn't find the issue. | 12:57:05 | |
Nice! I'm glad I could help :) | 12:59:27 | |
17:36:44 | ||
Hello, I'm having an issue with agenix and was wondering if anybody has any solutions: I have an OCI container that uses an environment file that's decrypted by agenix. However, agenix seems to always use the same path for that file (/run/agenix/whatever.env) even when its contents change. This makes it so when I update the env file and rebuild my system, the container doesn't get rebuilt since the path hasn't changed. | 17:38:31 | |
* Hello, I'm having an issue with agenix and was wondering if anybody has any solutions: I have an OCI container that uses an environment file that's decrypted by agenix. However, agenix seems to always use the same path for that file (/run/agenix/whatever.env) even when its contents change. This makes it so when I update the env file and rebuild my system, the container doesn't get recreated since the path hasn't changed. | 17:42:54 | |
Alright, looks like I was able to work around this by making agenix use a hash of the encrypted file as the file name:
| 19:30:57 | |
not ideal, but seems to do the job for now! | 19:31:09 |