!XLCFfvFhUkYwOMLbVx:nixos.org

agenix

383 Members
age-encrypted secrets for NixOS https://github.com/ryantm/agenix/
102 Servers


Sender Message Time
12 Dec 2023
@greg:thehellings.com greg Doing a little bit of checking, the file stops working with rage 0.9.0. Works great with versions up through 0.8.1. I don't see any info from the rage folks about a breaking change 05:27:37
@greg:thehellings.com greg
greg@jude ~/tmp main @ rage -V
rage 0.8.1
greg@jude ~/tmp main @ rage --decrypt -i ~/.ssh/id_rsa -o - /etc/nixos/secrets/linode-forgejo-runner.age
TOKEN=<redacted>
greg@jude ~/tmp main @ rage -V
rage 0.9.0
greg@jude ~/tmp main @ rage --decrypt -i ~/.ssh/id_rsa -o - /etc/nixos/secrets/linode-forgejo-runner.age
Error: Decryption failed
05:47:13
@ryantm:matrix.org ryantm I wonder how it does with age 06:20:48
@greg:thehellings.com greg

I think that the build in nixpkgs has a problem. Trying to create a new file on the system where I have rage 0.9.2 gives me this message:

Unsupported SSH Key Type
------------------------
OpenSSH supports various different key types, but rage only supports a
subset of these for backwards compatibility, specifically the 'ssh-rsa'
and 'ssh-ed25519' key types. This SSH key uses the unsupported key type
'⁨ssh-rsa⁩'.
15:25:43
@greg:thehellings.com greg Ah well, it's a good reason for me to upgrade all my keys to ed25519 anyway. 17:38:16
@uep:matrix.org uep I was going to ask if it was something to do with key types, but.. uh.. that's a rather special message. 22:41:53
@uep:matrix.org uep * I was going to ask if it was something to do with key types, but rsa should be fine and .. uh.. that's a rather special message. 22:42:05
@uep:matrix.org uep there are several different file content formats for RSA keys, though, and perhaps that's the actual issue? 22:43:10
@uep:matrix.org uep regardless, yeah, moving to ed25519 is a win 22:43:30
15 Dec 2023
@lep-:matrix.org lep joined the room. 13:34:17
@lep-:matrix.org lep does anyone have a full flake using agenix as an example? i'm missing something. the file is successfully decrypted and put under /run/agenix but i cannot use it via config.age.secrets... because nix complains that config has no attribute age 13:44:16
@ryantm:matrix.org ryantm lep: there's sort of one here https://github.com/ryantm/agenix/blob/main/test%2Fintegration.nix#L13 13:49:17
@tim92:matrix.org tim
In reply to @lep-:matrix.org
does anyone have a full flake using agenix as an example? i'm missing something. the file is successfully decrypted and put under /run/agenix but i cannot use it via config.age.secrets... because nix complains that config has no attribute age
You probably want to load the overlay instead of calling callPackage in your system packages
13:55:47
@tim92:matrix.org tim Something like
```
nixpkgs = {
  overlays = [ inputs.agenix.overlays.default ];
};
```
But then you also need to pass the input flake to that file with extraArgs or specialArgs 13:58:25
@lep-:matrix.org lep hmm, i think i'm lacking some basic nixos knowledge here. 14:01:51
@ryantm:matrix.org ryantm Can you share your flake or a minimal repro? 14:06:02
@lep-:matrix.org lep yeah, i'm considering that 14:06:10
@tim92:matrix.org tim Reconsidering my previous statement, the overlay is for the package which you seem to have, you are probably not importing the module which makes the config option available 14:07:43
@lep-:matrix.org lep i will try to do a minimal example but it might take a while. thank you so far. 14:09:00
@lep-:matrix.org lep yeah ok, the minimal example works of course. so i have an error on my side somewhere. but i guess now i have an angle to work from. 15:10:37
@lep-:matrix.org lep because it seems to work in general 15:10:53
16 Dec 2023
@zxfsee:matrix.org zxfsee joined the room. 22:34:30
20 Dec 2023
@l0zzy:matrix.org Johannes changed their display name from l0zzy to Johannes. 13:25:40
@ryantm:matrix.org ryantm https://github.com/ryantm/agenix/pull/230 any objections to switching back to the reference implementation age? 21:22:36
@ryantm:matrix.org ryantm
In reply to @ryantm:matrix.org
https://github.com/ryantm/agenix/pull/230 any objections to switching back to the reference implementation age?
Here's a good reason: apparently age doesn't build on Darwin https://github.com/ryantm/agenix/actions/runs/7280921838/job/19840358228?pr=230
21:28:37
21 Dec 2023
@jeroen:simonetti.nl jeroen just wanted to chime in on macos build failing :) 12:01:57
@jeroen:simonetti.nl jeroen hence, no objection from me 12:03:19
@kranzes:matrix.org Ilan Joselevich (Kranzes) Rage works for me but I'm not on macos or anything 12:30:36
@kranzes:matrix.org Ilan Joselevich (Kranzes)
In reply to @ryantm:matrix.org
Here's a good reason: apparently age doesn't build on Darwin https://github.com/ryantm/agenix/actions/runs/7280921838/job/19840358228?pr=230
age or rage?
12:31:39
@jeroen:simonetti.nl jeroen in my case, it's rage that doesn't build 12:40:20

Room Version: 6