agenix - Public Room Timeline

	agenix	344 Members
	age-encrypted secrets for NixOS https://github.com/ryantm/agenix/	100 Servers

Load older messages

Sender	Message	Time
7 May 2024
	fwam changed their display name from Xenia Estella to fwam.	23:02:40
12 May 2024
@5m5z3q888q5prxkg:chat.lightnovel-dungeon.de	why is `$ nix build 'github:kreyren/nixos-config#pelagus'` Giving me: `error: attribute 'age' missing at /nix/store/kbjh1m0095mq20yhzvqn59d1qj0xnwhz-source/src/nixos/machines/pelagus/default.nix:120:26: 119\| #"mracek.nixium ${config.age.secrets.mracek-onion.path}" # Add Tor Alias 120\| "pelagus.systems.nx ${config.age.secrets.pelagus-onion.path}" \| ^ 121\| #"gitea.nixium ....onion" # Export Gitea`	17:01:56
@5m5z3q888q5prxkg:chat.lightnovel-dungeon.de	It works fine for user password	17:02:28
13 May 2024
	h0m1 joined the room.	13:40:38
simonwjackson	I'm getting this on a new machine: activating the configuration... [agenix] creating new generation in /run/agenix.d/3 [agenix] decrypting secrets... decrypting '/nix/store/vavmhf0jfvflmy9v0rny4hxj7lvv2zl0-tailscale.age' to '/run/agenix.d/3/tailscale'... age: error: no identity matched any of the recipients age: report unexpected or unhelpful errors at https://filippo.io/age/report chmod: cannot access '/run/agenix.d/3/tailscale.tmp': No such file or directory mv: cannot stat '/run/agenix.d/3/tailscale.tmp': No such file or directory For context, i am able to use `agenix -e file.age` without any issue	16:37:29
simonwjackson	* Solved: I ran agenix --rekey`, but then synced them to the server in the wrong directory. I'm getting this on a new machine: activating the configuration... [agenix] creating new generation in /run/agenix.d/3 [agenix] decrypting secrets... decrypting '/nix/store/vavmhf0jfvflmy9v0rny4hxj7lvv2zl0-tailscale.age' to '/run/agenix.d/3/tailscale'... age: error: no identity matched any of the recipients age: report unexpected or unhelpful errors at https://filippo.io/age/report chmod: cannot access '/run/agenix.d/3/tailscale.tmp': No such file or directory mv: cannot stat '/run/agenix.d/3/tailscale.tmp': No such file or directory For context, i am able to use `agenix -e file.age` without any issue	16:55:28
14 May 2024
	azahi joined the room.	10:31:56
15 May 2024
	jacekpoz changed their profile picture.	14:48:46
14 May 2024
	chrillefkrr joined the room.	15:43:32
15 May 2024
	jacekpoz changed their profile picture.	14:48:55
18 May 2024
	tchab left the room.	14:28:11
19 May 2024
	@edrzmr:matrix.org left the room.	17:28:27
20 May 2024
	@daschw:matrix.org left the room.	20:52:02
21 May 2024
hexa	`# ls -lah /run/agenix total 4.0K drwxr-xr-x 2 root root 80 May 21 11:38 . drwxr-xr-x 27 root root 680 May 21 11:38 .. lrwxrwxrwx 1 root root 15 May 21 11:38 1 -> /run/agenix.d/1 -rw------- 1 root root 399 May 21 11:38 initrd-ssh-hostkey`	11:39:37
hexa	localhost initrd-nixos-activation-start[546]: [agenix] creating new generation in /run/agenix.d/1 localhost initrd-nixos-activation-start[546]: [agenix] decrypting secrets... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/fdlckxz252c1h9w8sxk0jz95ij7kyz10-eris-acme-env.age' to '/run/agenix.d/1/acme-env'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/6l5hpmgjqiv9l4vm145axk321kpjwycq-eris-borg-password.age' to '/run/agenix.d/1/borg-password'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/q2xjgg7hj68man0ybhwa9y3lkbsy9n84-eris-borg-ssh-key.age' to '/run/agenix.d/1/borg-ssh-key'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/z82sgd160y9lapdnpnjy5zdljb0hqc6z-forgejo-mail-password.age' to '/run/agenix.d/1/forgejo-mail-password'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/5hl65ll8wi79a6yikc1ya2vn8pbd2fzp-forgejo-secrets-env.age' to '/run/agenix.d/1/forgejo-secrets-env'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/71ywwjyivfyyyqhv26npd83x5d6n3vgs-eris-initrd-ssh-hostkey.age' to '/run/agenix.d/1/initrd-ssh-hostkey'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/13qbli5mplldjspr2la07cxpc3h59mff-eris-wg-private-key.age' to '/run/agenix.d/1/wg-private-key'... localhost initrd-nixos-activation-start[546]: [agenix] symlinking new secrets to /run/agenix (generation 1)... localhost initrd-nixos-activation-start[546]: [agenix] chowning... localhost initrd-nixos-activation-start[546]: [agenix] creating new generation in /run/agenix.d/1 localhost initrd-nixos-activation-start[546]: [agenix] decrypting secrets... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/fdlckxz252c1h9w8sxk0jz95ij7kyz10-eris-acme-env.age' to '/run/agenix.d/1/acme-env'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/6l5hpmgjqiv9l4vm145axk321kpjwycq-eris-borg-password.age' to '/run/agenix.d/1/borg-password'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/q2xjgg7hj68man0ybhwa9y3lkbsy9n84-eris-borg-ssh-key.age' to '/run/agenix.d/1/borg-ssh-key'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/z82sgd160y9lapdnpnjy5zdljb0hqc6z-forgejo-mail-password.age' to '/run/agenix.d/1/forgejo-mail-password'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/5hl65ll8wi79a6yikc1ya2vn8pbd2fzp-forgejo-secrets-env.age' to '/run/agenix.d/1/forgejo-secrets-env'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/71ywwjyivfyyyqhv26npd83x5d6n3vgs-eris-initrd-ssh-hostkey.age' to '/run/agenix.d/1/initrd-ssh-hostkey'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/13qbli5mplldjspr2la07cxpc3h59mff-eris-wg-private-key.age' to '/run/agenix.d/1/wg-private-key'... localhost initrd-nixos-activation-start[546]: [agenix] symlinking new secrets to /run/agenix (generation 1)... localhost initrd-nixos-activation-start[546]: [agenix] chowning...	11:40:00
hexa	I'm not quite sure where `/run/agenix/initrd-ssh-hostkey` comes from	11:40:14
hexa	but due to the file existing the agenix generation folder lands at the wrong location	11:40:43
hexa	* `# ls -lah /run/agenix total 4.0K drwxr-xr-x 2 root root 80 May 21 11:38 . drwxr-xr-x 27 root root 680 May 21 11:38 .. lrwxrwxrwx 1 root root 15 May 21 11:38 1 -> /run/agenix.d/1 -rw------- 1 root root 399 May 21 11:38 initrd-ssh-hostkey <--- The problem`	11:41:56
hexa	`# journalctl -b0 \| grep initrd-ssh-hostkey May 21 11:38:22 localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/71ywwjyivfyyyqhv26npd83x5d6n3vgs-eris-initrd-ssh-hostkey.age' to '/run/agenix.d/1/initrd-ssh-hostkey'... May 21 11:38:22 localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/71ywwjyivfyyyqhv26npd83x5d6n3vgs-eris-initrd-ssh-hostkey.age' to '/run/agenix.d/1/initrd-ssh-hostkey'...`	11:42:41
hexa	whatever puts the file there … doesn't log anything about it	11:42:57
hexa	but initrd-ssh-hostkey is in fact one of the secrets it decrypts	12:49:35
oddlama	There a long standing PR by me that would fix this: https://github.com/ryantm/agenix/pull/187	12:57:33
oddlama	In my case it's the initrd that includes the file when it is generated	12:57:58
oddlama	currently the PR only makes agenix emit an error, but i guess one could argue that it should replace the directory	13:07:55
hexa	ryantm: can we get your eyes on PR 187?	13:24:14
hexa	In reply to @oddlama:matrix.org In my case it's the initrd that includes the file when it is generated Disabling initrd ssh does indeed make the problem go away.	13:26:54
oddlama	Since I require this in my config I opted to just add an activation script that removes the directory (https://github.com/oddlama/nix-config/blob/7bb25e5d7a1f66dce2f50389bb3ce9bdc5eaab38/modules/config/secrets.nix#L48-L58)	13:29:49
hexa	haha ok 😄	13:31:57
hexa	I also think that this started happening when I switched to systemd-initrd, does that make sense?	13:32:42
hexa	works for me, thank you	13:34:17

Show newer messages

Back to Room ListRoom Version: 6