7 Jun 2024 |
hexa | * agenix is wrapping age | 21:00:47 |
hexa | and you'll want agenix | 21:00:51 |
conr | in what dir? | 21:01:12 |
conr | the /etc/secrets are on the nixos system right? not my mac? | 21:01:53 |
hexa | agenix will ship the encrypted secrets into your targets nix store | 21:03:35 |
hexa | * agenix will ship the encrypted secrets into your target's nix store | 21:03:39 |
conr | In reply to @hexa:lossy.network: "agenix will ship the encrypted secrets into your target's nix store" but this command agenix -e secret1.age | 21:05:08 |
conr | does nothing. | 21:05:12 |
conr | agenix: command not found | 21:05:30 |
hexa | well, you don't have agenix installed | 21:05:47 |
conr | do i need to add it to my configuration.nix ? | 21:06:10 |
hexa | possibly | 21:06:24 |
hexa | https://github.com/ryantm/agenix?tab=readme-ov-file#installation | 21:06:36 |
hexa | there are a few ways to get it installed | 21:06:40 |
conr | oh crap, the md document didn't expand flakes section, so sorry. | 21:07:28 |
conr | the creation of /etc/secrets/secrets.nix should be done with root, correct? | 21:16:18 |
conr | Inputs:
├───agenix: github:ryantm/agenix/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9
│ ├───darwin: github:lnl7/nix-darwin/4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d
│ │ └───nixpkgs follows input 'agenix/nixpkgs'
│ ├───home-manager: github:nix-community/home-manager/3bfaacf46133c037bb356193bd2f1765d9dc82c1
│ │ └───nixpkgs follows input 'agenix/nixpkgs'
│ ├───nixpkgs: github:NixOS/nixpkgs/54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6
│ └───systems: github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e
| 21:27:39 |
conr | i have it installed via flake but it's still not recognizing the agenix command. | 21:28:03 |
conr | ryantm: i'm so confused on what to do on this part agenix -e secret1.age of the guide. | 22:05:01 |
conr | i finally got it. | 23:04:47 |
conr | Can i create a secret that's a json object and not just 1 string? | 23:21:09 |
conr | are there any examples of this? | 23:22:01 |
8 Jun 2024 |
ryantm | Secrets are files. Not strings. You can save json to a file. It sounds like maybe you're trying to use secrets at eval time which is not how this works. | 00:27:57 |
conr | In reply to @ryantm:matrix.org: "Secrets are files. Not strings. You can save json to a file. It sounds like maybe you're trying to use secrets at eval time which is not how this works." When does it evaluate them, on build? | 00:56:07 |
ryantm | At evaluation time you can access the file path they will be decrypted to upon activation. | 01:06:48 |
conr | In reply to @ryantm:matrix.org: "At evaluation time you can access the file path they will be decrypted to upon activation." if i wanted to store multiple secrets in one file and encrypt to import to the configuration.nix, would i need to save it as a .nix file before encrypting it? | 19:47:46 |
522 | In reply to @conr:mozilla.org: "if i wanted to store multiple secrets in one file and encrypt to import to the configuration.nix, would i need to save it as a .nix file before encrypting it?" don't store multiple secrets in one file | 19:59:00 |
522 | make a file per secret | 19:59:05 |
522 | it's decrypted after your system is built, as in, when it boots it's decrypted, not when it's built | 19:59:32 |
522 | so .nix doesn't exist at that point | 19:59:39 |