| 11 Feb 2023 |
| noonien joined the room. | 21:18:50 |
noonien | hello! | 21:20:13 |
noonien | ryantm: have you had a chance to consider https://github.com/ryantm/agenix/issues/145 by any chance? | 21:20:49 |
noonien | the change should not break anything, as far as I can tell | 21:21:07 |
noonien | I've just started using agenix, but I could start looking into creating a PR | 21:21:43 |
ryantm | noonien: Thanks for the ping, I just replied to that issue! | 21:24:15 |
| 12 Feb 2023 |
| dcbrees joined the room. | 17:17:47 |
| dcbrees left the room. | 17:32:24 |
| 14 Feb 2023 |
| mee joined the room. | 21:52:36 |
| 18 Feb 2023 |
ryantm | maralorn: Looks like you can override the darwin like this:
inputs.agenix.inputs.darwin.follows = "";
| 20:07:16 |
maralorn | In reply to @ryantm:matrix.org
maralorn: Looks like you can override the darwin like this:
inputs.agenix.inputs.darwin.follows = "";
Yes, I have resolved to do that. For more see: https://github.com/NixOS/nix/issues/7807 | 20:20:30 |
ryantm | Cool, thanks for that context. | 20:35:37 |
| 20 Feb 2023 |
| thomaslepoix joined the room. | 18:52:18 |
| 22 Feb 2023 |
| lgcl (they/them) changed their display name from lgcl to lgcl (they/them). | 20:32:28 |
| 26 Feb 2023 |
| michaelsmitth joined the room. | 00:24:37 |
michaelsmitth | Is someone here to help? | 01:19:12 |
ryantm | Yo | 01:20:10 |
michaelsmitth | In reply to @ryantm:matrix.org Yo Hi. So I am following the setup tutorial right now. I basically have two machines and different passwords for the machines.
I am just not sure how to set up the secrets.nix file. This is what I currently have:
let
mainpc = "";
mainserver = "";
in
{
""
}
| 01:21:48 |
michaelsmitth | What does this line mean?
"secret1.age".publicKeys = [ user1 system1 ];
| 01:23:04 |
ryantm | It means that secret1.age should be encrypted such that the user1 public key and the system1 public key can decrypt it. | 01:24:23 |
michaelsmitth | And that secret1.age is just a file which could for example be one for my userpassword.age, rootpassword.age and so on? | 01:25:52 |
ryantm | Yep | 01:26:13 |
michaelsmitth | Is it recommended to create one age file for each individual secret, or are multiple in one also possible? | 01:26:38 |
ryantm | You can do either but one secret per file is usually the more ergonomic way. | 01:27:28 |
michaelsmitth | Okay, good. And how would I generate the secret key with ssh-keyscan now? | 01:29:14 |
ryantm | ssh-keyscan doesn't generate keys, it just grabs the public key from the SSH server. | 01:30:19 |
michaelsmitth | Hm, okay. So how would I add a public key for mainuser here?
let
mainuser = "";
in
{
"mainpc-root-password".publicKeys = [ mainuser ];
"mainpc-user-password".publicKeys = [ mainuser ];
"mainserver-root-password".publicKeys = [ mainuser ];
"mainserver-user-password".publicKeys = [ mainuser ];
}
| 01:33:04 |
michaelsmitth | The tutorial says:
Add public keys to secrets.nix file (hint: use ssh-keyscan or GitHub (for example, https://github.com/ryantm.keys)):
| 01:33:42 |
ryantm | Do you have an SSH key for yourself? In ~/.ssh | 01:35:24 |
michaelsmitth | In reply to @ryantm:matrix.org Do you have an SSH key for yourself? In ~/.ssh there is only a known_hosts file in there | 01:36:29 |