22 Aug 2024 |
@pascal.dietrich:mintux.de | And why do I need two keys? Wouldn't one be sufficient technically? | 19:16:04 |
uep | yes but then you have to enter it on every boot and activation, which is what you're complaining about :) | 19:17:11 |
@pascal.dietrich:mintux.de | Ok. Makes sense. | 19:17:39 |
uep | you need two keys, one (at least) for each of the circumstances in the dot points above | 19:18:06 |
uep | if you really want just one key, it should be the host key, and you decide you never want an admin to edit it (perhaps you just generate an entirely new secret whenever a change happens) | 19:20:21 |
uep | think of it like sending a message to the future host while it boots, it needs to be able to decrypt your message | 19:22:01 |
@pascal.dietrich:mintux.de | Ok. Thanks a lot for your explanations. | 19:22:59 |
uep | np, good luck | 19:23:18 |
29 Aug 2024 |
| @feathecutie:tchncs.de left the room. | 12:40:43 |
31 Aug 2024 |
| undltd joined the room. | 15:33:53 |
undltd | Hi everyone. Is there a way to specify in secrets.nix something like "mysecret-*.age".publicKeys = [ key1 key2 ] so that I don't have to list every file explicitly? | 15:38:05 |
undltd | Also, would it be possible to somehow use an agenix secret for one of the values in virtualisation.oci-containers.containers.<name>.environment? | 16:32:35 |
ryantm | Yes, you can use nix to read a directory's contents and use that as your secrets.nix output. | 18:31:59 |
ryantm | Are those containers built when building the OS? If so, no and there wouldn't be much point. | 18:33:46 |
| @thedevofnight:matrix.org joined the room. | 19:25:12 |
| @thedevofnight:matrix.org changed their display name from Devon Wolfe to thedevofnight. | 19:28:07 |
| @thedevofnight:matrix.org left the room. | 19:28:56 |
1 Sep 2024 |
undltd | In reply to @ryantm:matrix.org "Are those containers built when building the OS? If so, no and there wouldn't be much point." That is a good question... Looks like the containers are instantiated (podman / docker run) by a systemd unit, so that would be during boot / activation. Also I notice there is an environmentFiles option that maps to the docker run / podman run --env-file option, which should be ideal to use with agenix. So yeah, should work! | 09:02:16 |
undltd | In reply to @ryantm:matrix.org "Yes, you can use nix to read a directory's contents and use that as your secrets.nix output." How can I access nixpkgs' lib in secrets.nix? | 09:37:51 |
undltd | (namely lib.attrsets.mergeAttrsList) | 09:56:06 |
ryantm | Same way you would in any standalone nix file:
let pkgs = import <nixpkgs> { config = {}; }; in ... pkgs.lib | 11:03:09 |
undltd | Thanks! | 12:32:12 |
3 Sep 2024 |
| @djacu:matrix.org left the room. | 23:29:28 |
5 Sep 2024 |
| lingo5080 joined the room. | 15:55:25 |
6 Sep 2024 |
| Thom Jordan joined the room. | 18:19:09 |
7 Sep 2024 |
/madonius [er|him] | Cheers | 13:35:39 |
/madonius [er|him] | I am trying to add agenix to a server's configuration and keep getting "error: The option `age' does not exist. Definition values:" | 13:36:31 |