| 25 Apr 2024 |
| 26 Apr 2024 |
martijn | Ello, is there maybe someone with reviewer/merge privileges that can look at the empty line in key bug? 3 people made pull requests for it already.
https://github.com/ryantm/agenix/pull/256 | 11:43:47 |
ryantm | Merged! | 12:59:29 |
martijn | Legend, thanks! | 12:59:47 |
| 27 Apr 2024 |
fwam | hey! | 20:21:41 |
fwam | i'm having this weird problem. | 20:21:50 |
fwam | Failed assertions:
- age.identityPaths must be set.
| 20:22:01 |
fwam | the problem is, i do not replace it anywhere, and if i understand correctly, it has a default value normally? | 20:22:29 |
ryantm | You probably don't have openssh service running on your target machine. It uses those host keys by default. | 20:24:57 |
fwam | oh, yeah. I have host key, but not the openssh service itself. thought it's not needed. | 20:25:36 |
rjt | Hi,
I'm having trouble linking a secret into ~/.config with the appropriate user/group/permissions. The secret is declared like so:
    age.secrets.spam = {
      file = ./spam.age;
      owner = "rjt";
      group = "users";
      mode = "0600";
    };
This works as expected and /run/agenix/spam has the correct permissions etc., but I can't seem to get it into ~/.config/spam/spam.conf. I've tried:
- Adding path = "/home/rjt/.config/spam/spam.conf"; to the above, but then the symlink is owned by root and has the wrong permissions (rwx for everyone)
- Doing 1. and adding symlink = false; creates ~/.config/spam/spam.conf with the correct permissions etc. but then the parent directory (~/.config/spam) is owned by root and so other (not secret) configuration files can't be written into it
- Using home-manager.users.rjt.xdg.configFile."spam/spam.conf" = ... doesn't work because it's impure (I'm using flakes)
Any suggestions?
| 20:28:01 |
ryantm | In reply to @fwam:femdom.solutions oh, yeah. I have host key, but not the openssh service itself. thought it's not needed. It's not required, but you'd need to specify the identity path in that case. | 20:33:06 |
ryantm | It does not recursively create the target directory with those permissions. You'll need to use systemd.tmpfiles options to create the directory. | 20:35:43 |
rjt | I've just been looking at the agenix source and see reference to a (newish) home-manager module. Would you recommend using systemd.tmpfiles rather than that? | 20:40:56 |
ryantm | I don't know honestly. The people that made the home manager integration never wrote docs for it. | 20:43:35 |
rjt | systemd.tmpfiles worked, thanks for your help with this and your work all around the nix universe!
I might have a go at seeing what the home-manager module does at some point.
| 20:50:03 |
| 28 Apr 2024 |
@rynitee:matrix.org | hello, I'm trying to set up agenix, but I'm struggling with the following error:
[agenix] creating new generation in /run/agenix.d/4
[agenix] decrypting secrets...
decrypting '/nix/store/lnji5fvavqs50l9abwf693r00d38nb3x-github.age' to '/run/agenix.d/4/github'...
age: error: no identity matched any of the recipients
age: report unexpected or unhelpful errors at https://filippo.io/age/report
chmod: cannot access '/run/agenix.d/4/github.tmp': No such file or directory
mv: cannot stat '/run/agenix.d/4/github.tmp': No such file or directory
[agenix] symlinking new secrets to /run/agenix (generation 4)...
[agenix] removing old secrets (generation 3)...
Activation script snippet 'agenixInstall' failed (1)
[agenix] chowning...
chown: cannot access '/run/agenix.d/4/github': No such file or directory
Activation script snippet 'agenixChown' failed (1)
setting up /etc...
reloading user units for bwkam...
setting up tmpfiles
restarting the following units: nix-daemon.service
warning: error(s) occurred while switching to the new configuration
| 17:02:26 |
@rynitee:matrix.org | https://github.com/bwkam/dots/blob/6c19952dbf52f79726d82c3e637890e1a9c461d8/home/configuration.nix#L24C1-L33C1
that's my only usage so far | 17:04:11 |
ryantm | That means it couldn't decrypt the file. You need to encrypt it with the same key you use to decrypt (and other ones if you want). | 17:08:52 |
@rynitee:matrix.org | In reply to @ryantm:matrix.org That means it couldn't decrypt the file. You need to encrypt it with the same key you use to decrypt (and other ones if you want). sorry, which file? | 17:10:40 |