| 27 Apr 2024 |
| Qyriad changed their display name from Qyriad to Qyriad . | 00:01:06 |
| Qyriad changed their display name from Qyriad to Qyriad. | 00:09:42 |
| @lychee:lefishe.club left the room. | 14:37:34 |
| rjt joined the room. | 19:22:49 |
| fwam joined the room. | 20:21:35 |
fwam | hey! | 20:21:41 |
fwam | i'm having this weird problem. | 20:21:50 |
fwam | Failed assertions:
- age.identityPaths must be set.
| 20:22:01 |
fwam | the problem is, i do not replace it anywhere, and if i understand correctly, it has a default value normally? | 20:22:29 |
ryantm | You probably don't have openssh service running on your target machine. It uses those host keys by default. | 20:24:57 |
fwam | oh, yeah. I have host key, but not the openssh service itself. thought it's not needed. | 20:25:36 |
rjt | Hi,
I'm having trouble linking a secret into ~/.config with the appropriate user/group/permissions. The secret is declared like so:
age.secrets.spam = {
  file = ./spam.age;
  owner = "rjt";
  group = "users";
  mode = "0600";
};
This works as expected and /run/agenix/spam has the correct permissions etc., but I can't seem to get it into ~/.config/spam/spam.conf. I've tried:
1. Adding path = "/home/rjt/.config/spam/spam.conf"; to the above, but then the symlink is owned by root and has the wrong permissions (rwx for everyone)
2. Doing 1. and adding symlink = false; creates ~/.config/spam/spam.conf with the correct permissions etc., but then the parent directory (~/.config/spam) is owned by root and so other (not secret) configuration files can't be written into it
3. Using home-manager.users.rjt.xdg.configFile."spam/spam.conf" = ... doesn't work because it's impure (I'm using flakes)
Any suggestions?
| 20:28:01 |
ryantm | In reply to @fwam:femdom.solutions oh, yeah. I have host key, but not the openssh service itself. thought it's not needed. It's not required, but you'd need to specify the identity path in that case. | 20:33:06 |
ryantm | It does not recursively create the target directory with those permissions. You'll need to use systemd.tmpfiles options to create the directory. | 20:35:43 |
rjt | I've just been looking at the agenix source and see reference to a (newish) home-manager module. Would you recommend using systemd.tmpfiles rather than that? | 20:40:56 |
ryantm | I don't know honestly. The people that made the home manager integration never wrote docs for it. | 20:43:35 |
rjt | systemd.tmpfiles worked, thanks for your help with this and your work all around the nix universe!
I might have a go at seeing what the home-manager module does at some point.
| 20:50:03 |
| 28 Apr 2024 |
| dave joined the room. | 13:01:32 |
| @rynitee:matrix.org joined the room. | 17:01:49 |
@rynitee:matrix.org | hello, I'm trying to set up agenix, but I'm struggling with the following error:
[agenix] creating new generation in /run/agenix.d/4
[agenix] decrypting secrets...
decrypting '/nix/store/lnji5fvavqs50l9abwf693r00d38nb3x-github.age' to '/run/agenix.d/4/github'...
age: error: no identity matched any of the recipients
age: report unexpected or unhelpful errors at https://filippo.io/age/report
chmod: cannot access '/run/agenix.d/4/github.tmp': No such file or directory
mv: cannot stat '/run/agenix.d/4/github.tmp': No such file or directory
[agenix] symlinking new secrets to /run/agenix (generation 4)...
[agenix] removing old secrets (generation 3)...
Activation script snippet 'agenixInstall' failed (1)
[agenix] chowning...
chown: cannot access '/run/agenix.d/4/github': No such file or directory
Activation script snippet 'agenixChown' failed (1)
setting up /etc...
reloading user units for bwkam...
setting up tmpfiles
restarting the following units: nix-daemon.service
warning: error(s) occurred while switching to the new configuration
| 17:02:26 |
@rynitee:matrix.org | https://github.com/bwkam/dots/blob/6c19952dbf52f79726d82c3e637890e1a9c461d8/home/configuration.nix#L24C1-L33C1
that's my only usage so far | 17:04:11 |
ryantm | That means it couldn't decrypt the file. You need to encrypt it with the same key you use to decrypt (and other ones if you want). | 17:08:52 |
@rynitee:matrix.org | In reply to @ryantm:matrix.org That means it couldn't decrypt the file. You need to encrypt it with the same key you use to decrypt (and other ones if you want). sorry, which file/ | 17:10:40 |
@rynitee:matrix.org | * sorry, which file? | 17:10:45 |
@rynitee:matrix.org | oh github.age | 17:11:20 |
@rynitee:matrix.org | In reply to @ryantm:matrix.org That means it couldn't decrypt the file. You need to encrypt it with the same key you use to decrypt (and other ones if you want). I'm not sure how to exactly do this, do you mind showing a quick example? :) | 17:12:15 |
@rynitee:matrix.org | I was just following the steps outlined here
https://github.com/ryantm/agenix?tab=readme-ov-file#tutorial | 17:13:44 |
@rynitee:matrix.org | and that is step 7 | 17:14:04 |
@rynitee:matrix.org | hm I'm not sure why it's not encrypting using the same decryption key, I've revised my configuration and it looks okay | 17:42:36 |
@rynitee:matrix.org | hm so I have both rsa and ed25519, and I'm not sure which one it is using to decrypt | 17:52:48 |