| 27 Jun 2023 |
 /madonius[er|he] | In reply to @cole-h:matrix.org
What is that modules = [ in shoemaker...? Looks highly suspicious. Just add agenix.nixosModules.default to your imports list right above it. yeah that was a residue of me trying around | 20:47:48 |
 cole-h | (nit, but imports is not colmena specific -- it is part of the NixOS module system, which colmena heavily leverages) | 20:47:52 |
| cole-h | In reply to @madonius:entropia.de
yeah that was a residue of me trying around Then if you move the module into your system's imports, does that resolve the issue? | 20:50:04 |
| /madonius[er|he] | yes, it does | 20:54:36 |
| /madonius[er|he] | thanks | 20:54:39 |
| /madonius[er|he] | since I use sops in all other places I was confused as to why this did not work for age | 20:55:19 |
| /madonius[er|he] | and no it did not work for sops either :D | 20:56:17 |
| /madonius[er|he] | I have to say I just switched to nixos 23.05 so this might be an explanation | 20:56:42 |
| 29 Jun 2023 |
 MartiniMoe | Does somebody have an example of how to use agenix as a home-manager module? I saw that support for that just got merged but I can’t figure out how to use it 😅
I tried just changing the module used to agenix.homeManagerModule.default but that doesn’t work. I get an error „attribute 'home' is missing“ | 08:33:44 |
 ryantm | MartiniMoe: https://github.com/search?q=+agenix.homeManagerModules.default&type=code | 12:29:58 |
| ryantm | it's homeManagerModules with an s on the end | 12:30:15 |
| ryantm | I don't actually use it myself, I was hoping someone would follow on with the documentation, but that seems to have not happened. Maybe I should have gated merging on that? | 12:31:22 |
| MartiniMoe | Actually it’s homeManagerModules in my config, you are right.
Hmm there must be something else I’m doing wrong 🤔 | 12:58:02 |
| MartiniMoe | error: attribute 'home' missing
at /nix/store/xp0x08djbldg6cnfbxlhjkna9v6v4v5j-source/modules/age-home.nix:170:12:
169| default = [
170| "${config.home.homeDirectory}/.ssh/id_ed25519"
| ^
171| "${config.home.homeDirectory}/.ssh/id_rsa"
Did you mean time?
| 13:06:41 |
|  steveej joined the room. | 13:30:26 |
| steveej | would anyone mind explaining why the pcscd is needed for agenix-yubikey-plugin? i was hoping i could use the ssh-agent which is configured to use the yubikey | 14:22:53 |
| steveej | even after enabling the pcscd agenix-yubikey-plugin --list's output is empty 🤔 | 14:23:48 |
| steveej | * even after enabling the pcscd agenix-plugin-yubikey --list's output is empty 🤔 | 14:24:01 |
 oddlama | I presume you meant age-plugin-yubikey? pcscd is required for that since that plugin communicates with the smartcard in the yubikey directly. If by "using the ssh-agent" you mean a -sk type key, then openssh would do that communication. That would require age to communicate to the ssh-agent which is not supported:
man age says
Note that keys held on hardware tokens such as YubiKeys
or accessed via ssh-agent(1) are not supported.
| 14:30:26 |
| steveej | In reply to @oddlama:matrix.org
I presume you meant age-plugin-yubikey? pcscd is required for that since that plugin communicates with the smartcard in the yubikey directly. If by "using the ssh-agent" you mean a -sk type key, then openssh would do that communication. That would require age to communicate to the ssh-agent which is not supported:
man age says
Note that keys held on hardware tokens such as YubiKeys
or accessed via ssh-agent(1) are not supported.
it's an ssh-rsa type key as displayed by ssh-add -L. | 14:36:40 |
| oddlama | But it's just a keygrab if you have the private part on your yubikey | 14:37:18 |
| steveej | i've got gpg enabled via home-manager with the following settings
programs.gpg.enable = true;
services.gpg-agent = {
enable = true;
enableScDaemon = true;
enableSshSupport = true;
};
this is what makes my set up work
| 14:38:29 |
| steveej | SSH_AUTH_SOCK points to /run/user/1000/gnupg/S.gpg-agent.ssh | 14:39:12 |
| steveej | maybe the plugin could talk to the gpg-agent's scdaemon socket somehow? | 14:40:00 |
| oddlama | If you want to use both gpg and age-plugin-yubikey at the same time you have to disable scdaemon and force gpg to use pcsc lite too | 14:42:47 |
| steveej | i don't insist on using that plugin btw.. i just would like to use the yubikey instead of managing a private key on the filesystem | 14:42:57 |
| oddlama | I don't think there's an alternative to that plugin then | 14:43:12 |
| steveej | In reply to @oddlama:matrix.org
If you want to use both gpg and age-plugin-yubikey at the same time you have to disable scdaemon and force gpg to use pcsc lite too does the latter refer to options of the plugi, age, or agenix? | 14:44:26 |
| oddlama | Agenix has nothing to do with that. It just calls age or rage (implementations of the age spec) which can interface with the plugin https://github.com/str4d/age-plugin-yubikey | 14:46:12 |
| steveej | thanks oddlama. i'll read up on pcsclite | 14:56:06 |
