| 1 May 2023 |
Florian | netpleb: can't you do a bind Mount to your key in the host? | 09:47:54 |
cole-h | You could also make it available "somewhere" and set age.identityPaths to that (stringly-typed) path | 13:42:14 |
cole-h | ("make it available" left as an exercise to the reader) | 13:42:27 |
netpleb | thanks Florian and cole-h for your replies. Say I want to go the "bind Mount" direction, I am confused how that is done with flakes. Can the target system somehow mount a directory which exists only on the build system (where build system here is the place I am running the relevant nixos-rebuild --flake ... command)? | 18:19:28 |
netpleb | * thanks Florian and cole-h for your replies. Say I want to go the "bind Mount" direction, I am confused how that is done with flakes. Can the target system somehow mount a directory which exists only on the build system, where build system here is the place I am running the relevant nixos-rebuild --flake ... command? | 18:19:40 |
netpleb | In reply to @cole-h:matrix.org ("make it available" left as an exercise to the reader): ultimately this "make it available" exercise is probably the part I currently understand the least :-/. Any hints? | 18:25:43 |
cole-h | I don't use containers, sorry. But it's likely something you'd have to specify in the container's config, somewhere. | 18:27:53 |
netpleb | Thanks. But what about for a non-container? For example, I have another system I am doing this on, defined in the same flake, which is not a nixos container. Are you saying it is (roughly speaking) as easy as somehow setting a configuration inside the flake such that it will automatically be able to access something on the build system? that would be great! | 18:31:00 |
netpleb | maybe a better question that is more agenix-specific is: by the time agenix is "running" (doing the decrypting of secrets), does it have access at all to the system that built the flake? or is that simply not how flakes/agenix works? | 18:54:07 |