agenix - Public Room Timeline

	agenix	255 Members
	age-encrypted secrets for NixOS https://github.com/ryantm/agenix/	81 Servers

Load older messages

Sender	Message	Time
20 May 2024
	@daschw:matrix.org left the room.	20:52:02
21 May 2024
hexa	`# ls -lah /run/agenix total 4.0K drwxr-xr-x 2 root root 80 May 21 11:38 . drwxr-xr-x 27 root root 680 May 21 11:38 .. lrwxrwxrwx 1 root root 15 May 21 11:38 1 -> /run/agenix.d/1 -rw------- 1 root root 399 May 21 11:38 initrd-ssh-hostkey`	11:39:37
hexa	localhost initrd-nixos-activation-start[546]: [agenix] creating new generation in /run/agenix.d/1 localhost initrd-nixos-activation-start[546]: [agenix] decrypting secrets... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/fdlckxz252c1h9w8sxk0jz95ij7kyz10-eris-acme-env.age' to '/run/agenix.d/1/acme-env'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/6l5hpmgjqiv9l4vm145axk321kpjwycq-eris-borg-password.age' to '/run/agenix.d/1/borg-password'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/q2xjgg7hj68man0ybhwa9y3lkbsy9n84-eris-borg-ssh-key.age' to '/run/agenix.d/1/borg-ssh-key'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/z82sgd160y9lapdnpnjy5zdljb0hqc6z-forgejo-mail-password.age' to '/run/agenix.d/1/forgejo-mail-password'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/5hl65ll8wi79a6yikc1ya2vn8pbd2fzp-forgejo-secrets-env.age' to '/run/agenix.d/1/forgejo-secrets-env'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/71ywwjyivfyyyqhv26npd83x5d6n3vgs-eris-initrd-ssh-hostkey.age' to '/run/agenix.d/1/initrd-ssh-hostkey'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/13qbli5mplldjspr2la07cxpc3h59mff-eris-wg-private-key.age' to '/run/agenix.d/1/wg-private-key'... localhost initrd-nixos-activation-start[546]: [agenix] symlinking new secrets to /run/agenix (generation 1)... localhost initrd-nixos-activation-start[546]: [agenix] chowning... localhost initrd-nixos-activation-start[546]: [agenix] creating new generation in /run/agenix.d/1 localhost initrd-nixos-activation-start[546]: [agenix] decrypting secrets... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/fdlckxz252c1h9w8sxk0jz95ij7kyz10-eris-acme-env.age' to '/run/agenix.d/1/acme-env'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/6l5hpmgjqiv9l4vm145axk321kpjwycq-eris-borg-password.age' to '/run/agenix.d/1/borg-password'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/q2xjgg7hj68man0ybhwa9y3lkbsy9n84-eris-borg-ssh-key.age' to '/run/agenix.d/1/borg-ssh-key'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/z82sgd160y9lapdnpnjy5zdljb0hqc6z-forgejo-mail-password.age' to '/run/agenix.d/1/forgejo-mail-password'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/5hl65ll8wi79a6yikc1ya2vn8pbd2fzp-forgejo-secrets-env.age' to '/run/agenix.d/1/forgejo-secrets-env'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/71ywwjyivfyyyqhv26npd83x5d6n3vgs-eris-initrd-ssh-hostkey.age' to '/run/agenix.d/1/initrd-ssh-hostkey'... localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/13qbli5mplldjspr2la07cxpc3h59mff-eris-wg-private-key.age' to '/run/agenix.d/1/wg-private-key'... localhost initrd-nixos-activation-start[546]: [agenix] symlinking new secrets to /run/agenix (generation 1)... localhost initrd-nixos-activation-start[546]: [agenix] chowning...	11:40:00
hexa	I'm not quite sure where `/run/agenix/initrd-ssh-hostkey` comes from	11:40:14
hexa	but due to the file existing the agenix generation folder lands at the wrong location	11:40:43
hexa	* `# ls -lah /run/agenix total 4.0K drwxr-xr-x 2 root root 80 May 21 11:38 . drwxr-xr-x 27 root root 680 May 21 11:38 .. lrwxrwxrwx 1 root root 15 May 21 11:38 1 -> /run/agenix.d/1 -rw------- 1 root root 399 May 21 11:38 initrd-ssh-hostkey <--- The problem`	11:41:56
hexa	`# journalctl -b0 \| grep initrd-ssh-hostkey May 21 11:38:22 localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/71ywwjyivfyyyqhv26npd83x5d6n3vgs-eris-initrd-ssh-hostkey.age' to '/run/agenix.d/1/initrd-ssh-hostkey'... May 21 11:38:22 localhost initrd-nixos-activation-start[546]: decrypting '/nix/store/71ywwjyivfyyyqhv26npd83x5d6n3vgs-eris-initrd-ssh-hostkey.age' to '/run/agenix.d/1/initrd-ssh-hostkey'...`	11:42:41
hexa	whatever puts the file there … doesn't log anything about it	11:42:57
hexa	but initrd-ssh-hostkey is in fact one of the secrets it decrypts	12:49:35
oddlama	There a long standing PR by me that would fix this: https://github.com/ryantm/agenix/pull/187	12:57:33
oddlama	In my case it's the initrd that includes the file when it is generated	12:57:58
oddlama	currently the PR only makes agenix emit an error, but i guess one could argue that it should replace the directory	13:07:55
hexa	ryantm: can we get your eyes on PR 187?	13:24:14
hexa	In reply to @oddlama:matrix.org In my case it's the initrd that includes the file when it is generated Disabling initrd ssh does indeed make the problem go away.	13:26:54
oddlama	Since I require this in my config I opted to just add an activation script that removes the directory (https://github.com/oddlama/nix-config/blob/7bb25e5d7a1f66dce2f50389bb3ce9bdc5eaab38/modules/config/secrets.nix#L48-L58)	13:29:49
hexa	haha ok 😄	13:31:57
hexa	I also think that this started happening when I switched to systemd-initrd, does that make sense?	13:32:42
hexa	works for me, thank you	13:34:17
oddlama	In reply to @hexa:lossy.network I also think that this started happening when I switched to systemd-initrd, does that make sense? yup, if i recall correctly the other initrd implementation has no secret support and ignores the option	13:43:00
oddlama	or was it tied to the bootloader? 🤔	13:44:11
hexa	oh, that could explain why that one machine with grub is fine and the ones with systemd-boot failed	14:48:37
22 May 2024
	NixOS Moderation Bot banned @5m5z3q888q5prxkg:chat.lightnovel-dungeon.de (Suspended until 2024-05-29).	11:45:54
	NixOS Moderation Botchanged room power levels.	15:25:58
	NixOS Moderation Botchanged room power levels.	15:28:12
	Infinidoge 🏳️‍⚧️ joined the room.	21:59:42
	Infinidoge 🏳️‍⚧️ changed their display name from Infinidoge 🏳️‍⚧️ to Migrated to @infinidoge:inx.moe.	22:35:31
	Infinidoge 🏳️‍⚧️ changed their display name from Migrated to @infinidoge:inx.moe to Infinidoge.	22:37:11
23 May 2024
	Infinidoge 🏳️‍⚧️ changed their display name from Infinidoge to Infinidoge🏳️‍⚧️.	01:31:17
	Infinidoge 🏳️‍⚧️ changed their display name from Infinidoge🏳️‍⚧️ to Infinidoge 🏳️‍⚧️.	01:31:27
	lazycaaat joined the room.	11:09:51

Show newer messages

Back to Room ListRoom Version: 6