| 18 Dec 2022 |
dasj19 | this is in the result:
- echo 'DEBUG PASSWORDFILE'
DEBUG PASSWORDFILE
- cat /run/agenix/daniel-password
$6$HgyUnbDcnnfRn4Ox$Ttzd6kxqrt2ZoutO.kfEXWzc4zCDCXYwHKN5X4NyB/scHOrWKoYbHQhuxtjI1tq8BRHn5Avxcgim5FHoNv90R1+ (( _localstatus > 0 ))
| 22:43:59 |
dasj19 | so the secret gets decrypted correctly but does not end up in /etc/shadow | 22:45:13 |
dasj19 | I am doing a system update and will see if the issue persists | 22:47:08 |
ryantm | ok, seems like everything is working... | 22:47:26 |
dasj19 | system update did not help, i'll try on another system tomorrow, can't think of anything else i can try | 22:51:14 |
ryantm | dasj19: aside from editing the perl script, me neither. | 22:51:37 |
dasj19 | ok, but you can confirm that the current way of doing it is the right approach | 22:52:44 |
dasj19 | thanks a lot for assistance, i have to go to bed soon | 22:53:58 |
ryantm | Yes. | 22:58:49 |
ryantm | Of course I can't see your whole configuration files, so there might be something obviously bad lurking. | 22:59:13 |
| 20 Dec 2022 |
dasj19 | ryantm: I have spun up a virtual machine with the latest nixos unstable and followed the readme file present in the github project, and I end up in the same situation. So it can't just be my old config that is wrong, it must be something I do or something in the unstable branch | 22:14:05 |
| 21 Dec 2022 |
gador | Did you try it without agenix and a plain test file with the password in it? Just to rule out an agenix problem here? | 05:08:58 |
ryantm | ☝️dasj19 | 18:16:02 |
| 22 Dec 2022 |
| null_radix joined the room. | 08:48:08 |
null_radix | hello, I have a directory with 100+ files that each contain a secret. Is it possible just to encrypt the entire dir, instead of each individual file? | 08:49:28 |
ryantm | null_radix: you could first tar it the encrypt that | 13:30:27 |
ryantm | * null_radix: you could first tar it then encrypt that | 13:30:44 |
dasj19 | ryantm: I ended up deleting my user entry in /etc/shadow and then rebuilt, and everything looks normal now. Got inspired by: https://github.com/NixOS/nixpkgs/issues/99433 . So it wasn't a specific agenix issue but rather an issue with the user update script | 13:59:43 |
null_radix | In reply to @ryantm:matrix.org ("null_radix: you could first tar it then encrypt that"): how would you untar them? would you use system.activationScripts? | 17:15:37 |
null_radix | it's for a service so maybe a systemd service makes more sense | 17:16:03 |
ryantm | null_radix: yeah, either way. | 17:25:56 |
| 24 Dec 2022 |
dasj19 | Hi ryantm FYI, i just pulled together a solution for password updates via the perl script in NixOS https://github.com/NixOS/nixpkgs/pull/207593 | 17:34:16 |
| 26 Dec 2022 |
Tommy | Hey there. That's possibly a stupid question but I'm kind of stuck here: I understand how the builtins.readFile is an anti-pattern but I would nevertheless like to use agenix to encrypt my known wifi psk. What is the proper way to implement this, since networking.wireless.networks.<name> only has a string option for the psk, not an option to provide a file? | 14:44:52 |
ryantm | Tommy: proper way might require fixing NixOS. | 15:22:15 |
Tommy | Mhmm. What does that mean? Implementing an option like `networking.wireless.networks.<name>.passwordFile`? And what are options not being proper and also not storing the passwords in the nix store? | 15:28:12 |
ryantm | Right | 15:32:09 |