!XLCFfvFhUkYwOMLbVx:nixos.org

agenix

age-encrypted secrets for NixOS https://github.com/ryantm/agenix/

27 Dec 2023
@5m5z3q888q5prxkg:chat.lightnovel-dungeon.de @5m5z3q888q5prxkg:chat.lightnovel-dungeon.de thanks <3 04:30:43
29 Dec 2023
@dearrude:nitro.chat @dearrude:nitro.chat left the room. 14:50:14
30 Dec 2023
@tommy:datenkollektiv.net Tommy changed their display name from Tommy (☎️ 2903) to Tommy. 23:29:44
31 Dec 2023
@philiptaron:matrix.org @philiptaron:matrix.org changed their display name from Philip Taron to Philip Taron (UTC-8). 18:10:47
3 Jan 2024
@tony_klink:matrix.org @tony_klink:matrix.org joined the room. 17:09:47
@tony_klink:matrix.org @tony_klink:matrix.org

Hi everyone! I want to use agenix with age-plugin-yubikey. I've set up identities and everything seems to work until reboot. During the boot I get the error

Jan 03 11:01:39 tower stage-2-init: running activation script...
Jan 03 11:01:39 tower stage-2-init: [agenix] creating new generation in /run/agenix.d/1
Jan 03 11:01:39 tower stage-2-init: [agenix] decrypting secrets...
Jan 03 11:01:39 tower stage-2-init: decrypting '/nix/store/l25wrbadm26gw929lc9rm9694dc82q>
Jan 03 11:01:39 tower stage-2-init: Error: pcscd is not running.
Jan 03 11:01:39 tower stage-2-init: If you are on Debian or Ubuntu, you can install it wi>
Jan 03 11:01:39 tower stage-2-init: sudo apt-get install pcscd
Jan 03 11:01:39 tower stage-2-init: [ Did this not do what you expected? Could an error b>
Jan 03 11:01:39 tower stage-2-init: [ Tell us: https://str4d.xyz/age-plugin-yubikey/repor>
Jan 03 11:01:39 tower stage-2-init: Error: pcscd is not running.
Jan 03 11:01:39 tower stage-2-init: If you are on Debian or Ubuntu, you can install it wi>
Jan 03 11:01:39 tower stage-2-init: sudo apt-get install pcscd
Jan 03 11:01:39 tower stage-2-init: [ Did this not do what you expected? Could an error b>
Jan 03 11:01:39 tower stage-2-init: [ Tell us: https://str4d.xyz/age-plugin-yubikey/repor>
Jan 03 11:01:39 tower stage-2-init: [agenix] WARNING: no readable identities found!
Jan 03 11:01:39 tower stage-2-init: Failed to query password: Timer expired
Jan 03 11:01:39 tower stage-2-init: Error: Missing identities.
Jan 03 11:01:39 tower stage-2-init: Did you forget to specify -i/--identity?
Jan 03 11:01:39 tower stage-2-init: [ Did rage not do what you expected? Could an error b>
Jan 03 11:01:39 tower stage-2-init: [ Tell us: https://str4d.xyz/rage/report             >
Jan 03 11:01:39 tower stage-2-init: chmod: cannot access '/run/agenix.d/1/test.tmp': No s>
Jan 03 11:01:39 tower stage-2-init: mv: cannot stat '/run/agenix.d/1/test.tmp': No such f>
Jan 03 11:01:39 tower stage-2-init: [agenix] symlinking new secrets to /run/agenix (gener>
Jan 03 11:01:39 tower stage-2-init: Activation script snippet 'agenixInstall' failed (1)
Jan 03 11:01:39 tower stage-2-init: reviving group 'geoclue' with GID 999
Jan 03 11:01:39 tower stage-2-init: reviving group 'nscd' with GID 998
Jan 03 11:01:39 tower stage-2-init: reviving group 'podman' with GID 997
Jan 03 11:01:39 tower stage-2-init: reviving group 'polkituser' with GID 996
Jan 03 11:01:39 tower stage-2-init: reviving group 'rtkit' with GID 995
Jan 03 11:01:39 tower stage-2-init: reviving group 'systemd-coredump' with GID 993
Jan 03 11:01:39 tower stage-2-init: reviving group 'systemd-oom' with GID 992
Jan 03 11:01:39 tower stage-2-init: reviving user 'geoclue' with UID 999
Jan 03 11:01:39 tower stage-2-init: reviving user 'nm-iodine' with UID 998
Jan 03 11:01:39 tower stage-2-init: reviving user 'nscd' with UID 997
Jan 03 11:01:39 tower stage-2-init: warning: password file ‘/run/agenix/test’ does not ex>
Jan 03 11:01:39 tower stage-2-init: reviving user 'rtkit' with UID 996
Jan 03 11:01:39 tower stage-2-init: reviving user 'systemd-oom' with UID 994
Jan 03 11:01:39 tower stage-2-init: [agenix] chowning...
Jan 03 11:01:39 tower stage-2-init: chown: cannot access '/run/agenix.d/1/test': No such file or directory
Jan 03 11:01:39 tower stage-2-init: Activation script snippet 'agenixChown' failed (1)
Jan 03 11:01:39 tower stage-2-init: setting up /etc...

It seems like pcscd isn't started on time, even if I have it enabled: services.pcscd.enable = true;

17:23:25
@tony_klink:matrix.org @tony_klink:matrix.org *

Also I have impermanence enabled on this machine

17:25:07
@tony_klink:matrix.org @tony_klink:matrix.org Found possible solution in this repo https://github.com/babeuh/nix-config/blob/522d0b2167094897ff1d45a35efc9613fff511df/hosts/common/secrets.nix#L27 Thank you! 20:46:53
@tony_klink:matrix.org @tony_klink:matrix.org left the room. 20:47:05
4 Jan 2024
@5m5z3q888q5prxkg:chat.lightnovel-dungeon.de @5m5z3q888q5prxkg:chat.lightnovel-dungeon.de changed their display name from Shane on Conduit.rs ⚡️ and Fractal 🦀️ to Krey. 23:36:55
5 Jan 2024
@5m5z3q888q5prxkg:chat.lightnovel-dungeon.de @5m5z3q888q5prxkg:chat.lightnovel-dungeon.de changed their display name from Krey to Shane on Conduit.rs ⚡️ and Fractal 🦀️. 00:36:34
7 Jan 2024
@galaxyyy:matrix.org @galaxyyy:matrix.org joined the room. 10:04:05
@federicodschonborn:matrix.org @federicodschonborn:matrix.org Is there a way to use Agenix with a SSH key stored in a Yubikey? 22:45:26
@federicodschonborn:matrix.org @federicodschonborn:matrix.org I can't pass a file as an identity because the private key can't be fetched out of the Yubikey 22:45:52
8 Jan 2024
@emiller:beeper.com Edmund Miller
In reply to @federicodschonborn:matrix.org
Is there a way to use Agenix with a SSH key stored in a Yubikey?
Maybe with PIV? Just went on a whole trip using age-plugin-yubikey with PIV, because you can't use the fancy new -sk ssh keys apparently. Why, idk, that's above my pay-grade.
02:50:25
@uep:matrix.org uep the -sk keys are stored on-device, and are used for signing. They can't be taken off the device to decrypt with 02:56:28
12 Jan 2024
@onny:matrix.org onny joined the room. 13:58:02
