agenix - Public Room Timeline

	agenix	381 Members
	age-encrypted secrets for NixOS https://github.com/ryantm/agenix/	100 Servers

Load older messages

Sender	Message	Time
11 Nov 2023
zonnebloem	instead of the ssh-keygen	22:01:04
13 Nov 2023
marin	ryantm: is there any docs on how to correctly use agenix with the home-manager module? trying to do something like this: `age.secrets.nixconf.file = ./secrets/nix.conf.age; xdg.configFile."nix/nix.conf".source = config.age.secrets.nixconf.path;` And getting this failure: error: A definition for option `home-manager.users.supermarin.xdg.configFile."nix/nix.conf".source' is not of type `path'. Definition values: - In `/nix/store/czifw4nlbci6fjly2sw0i5qjlph8c3sn-source/home.nix': "$XDG_RUNTIME_DIR/agenix/nixconf" Seen above that someone had a similar issue, but haven't seen any resolution ping on this one	14:16:07
14 Nov 2023
ryantm	marin: Nope. I'm still hoping someone who uses agenix for this will contribute them. I don't use agenix with home manager.	15:42:25
jeroen	I am not sure this is currently active, but at one time I used this: `{ config, pkgs, ... }: { age.secrets.nix-access-tokens-github.file = ../../../secrets/nix.access-tokens-github.age; nix.extraOptions = '' !include ${config.age.secrets.nix-access-tokens-github.path} ''; nix.package = pkgs.nix; }`	16:35:44
jeroen	I con't verify this atm though	16:36:00
jeroen	* I can't verify this atm though	16:36:07
marin	I'm motivated to make this work & document if you're open to help debug the above	20:08:53
marin	jeroen: thanks, I tried that but the `!include` directive just silently failed since the file didn't exist at that path. After a whole activation I still wasn't able to use private flakes	20:09:41
15 Nov 2023
	@grahamc:nixos.orgchanged room power levels.	16:16:10
	@grahamc:nixos.org	16:38:29
Ambroisie	marin: I believe the issue is that `types.path` checks that the string you give it starts with a leading `/` I would expect that making it `source = "/${path}" would be enough to fool it and make it work, _if_ the secret is linked to the path _before_ the home-manager step which copies files in` home.files` (so it might need an explicit ordering to be added) This isn't something I've tested when adding the home-manager module	16:39:01
	@grahamc:nixos.org	16:39:22
marin	Ambroisie: thx! that makes sense. I was thinking today it might make sense to do it in a post activation script, but typing it out loud here, it might not be the best UX	16:41:15
Ambroisie	* marin: I believe the issue is that types.path checks that the string you give it starts with a leading / I would expect that making it source = "/${path}"` would be enough to fool it and make it work, _if_ the secret is linked to the path _before_ the home-manager step which copies files in home.files` (so it might need an explicit ordering to be added) This isn't something I've tested when adding the home-manager module	16:43:37
	@grahamc:nixos.org left the room.	16:42:34
Ambroisie	* marin: I believe the issue is that types.path checks that the string you give it starts with a leading / I would expect that making it `source = "/${path}" would be enough to fool it and make it work, if the secret is linked to the path before the home-manager step which copies files in home.files (so it might need an explicit ordering to be added) This isn't something I've tested when adding the home-manager module	16:43:47
Ambroisie	* marin: I believe the issue is that types.path checks that the string you give it starts with a leading / I would expect that making it `source = "/${path}"` would be enough to fool it and make it work, if the secret is linked to the path before the home-manager step which copies files in home.files (so it might need an explicit ordering to be added) This isn't something I've tested when adding the home-manager module	16:43:59
Ambroisie	* marin: I believe the issue is that types.path checks that the string you give it starts with a leading / I would expect that making it source = "/${path}" would be enough to fool it and make it work, if the secret is linked to the path before the home-manager step which copies files in `home.files` (so it might need an explicit ordering to be added) This isn't something I've tested when adding the home-manager module	16:44:16
Ambroisie	* marin: I believe the issue is that types.path checks that the string you give it starts with a leading / I would expect that making it `source = "/${path}"` would be enough to fool it and make it work, if the secret is linked to the path before the home-manager step which copies files in `home.files` (so it might need an explicit ordering to be added) This isn't something I've tested when adding the home-manager module	16:44:32
marin	I can quickly test it now, but yes, not sure if agenix runs before home-manager (which it should)	16:45:18
marin	* I can quickly test it now, but yes, not sure if agenix runs before home-manager (which I think it should)	16:45:33
marin	nope that wouldn't work `error: access to absolute path '/$XDG_RUNTIME_DIR/agenix/nixconf' is forbidden in pure eval mode (use '--impure' to override)`	16:47:07
	Alyssa Ross joined the room.	17:10:22
Ambroisie	Did you write it exactly as a string? "/${foo}"?	17:10:34
Ambroisie	Or something like `/ + "bar"`	17:10:56
marin	"/${config.age.secrets.nixconf.path}"	17:20:34
marin	Full line: `xdg.configFile."nix/nix.conf".source = "/${config.age.secrets.nixconf.path}"`	17:21:14
marin	It could be a problem in home-manager how it evaulates `.source =`. The non-hm age module has `.path` as string as well, and things work ok	17:22:09
marin	* It could be a problem in home-manager how it evaulates `.source =`. The non-hm age module has `.path` as string as well, and things work ok in configuration.nix	17:22:15
	Alyssa Ross left the room.	17:49:47

Show newer messages

Back to Room ListRoom Version: 6