| 26 Aug 2023 |
|  Paul Meyer (katexochen) joined the room. | 14:06:41 |
| 27 Aug 2023 |
|  hexa joined the room. | 12:45:40 |
|  lord_fomo joined the room. | 21:22:17 |
| 29 Aug 2023 |
|  Sam joined the room. | 14:57:19 |
| Sam | Redacted or Malformed Event | 15:00:11 |
| Sam | Hi, trying to get agenix working on aarch64-darwin. The rebuild appears to work fine but I cannot find the secret anywhere. I have this config;
file = ../../secrets/webex-tui.age;
path = "/etc/webex-tui.secret";
};
The file /etc.webex-tui.secret does not exist after that.
Not sure if that is related, following the discussion above, I cannot see that openssh is running and I cannot find how to set that on darwin. ps -ax does not show it, however the laptop responds to ssh requests (but rejects them, I think because of company policy).
| 15:45:32 |
| Sam | * Hi, trying to get agenix working on aarch64-darwin. The rebuild appears to work fine but I cannot find the secret anywhere. I have this config;
age.secrets.webex-tui = {
file = ../../secrets/webex-tui.age;
path = "/etc/webex-tui.secret";
};
The file /etc.webex-tui.secret does not exist after that.
Not sure if that is related, following the discussion above, I cannot see that openssh is running and I cannot find how to set that on darwin. ps -ax does not show it, however the laptop responds to ssh requests (but rejects them, I think because of company policy).
| 15:46:10 |
| Sam | If I remove the path line, I cannot see anything in
> find /run/agenix.d/
/run/agenix.d/
/run/agenix.d//1
| 15:49:09 |
| Sam | * Hi, trying to get agenix working on aarch64-darwin. The rebuild appears to work fine but I cannot find the secret anywhere. I have this config;
age.secrets.webex-tui = {
file = ../../secrets/webex-tui.age;
path = "/etc/webex-tui.secret";
};
The file /etc/webex-tui.secret does not exist after that.
Not sure if that is related, following the discussion above, I cannot see that openssh is running and I cannot find how to set that on darwin. ps -ax does not show it, however the laptop responds to ssh requests (but rejects them, I think because of company policy).
| 15:55:16 |
|  a-kenji joined the room. | 19:03:36 |
| Sam changed their display name from Sam Grimee - LX2SG to Sam. | 21:30:08 |
| 4 Sep 2023 |
| Sam left the room. | 22:55:55 |
| 7 Sep 2023 |
|  Arch joined the room. | 19:50:53 |
| 9 Sep 2023 |
|  Moritz Sanft joined the room. | 12:14:48 |
| 10 Sep 2023 |
|  Christian Theune joined the room. | 04:26:18 |
|  kip93 joined the room. | 11:08:17 |
| 11 Sep 2023 |
|  Salar Rahmanian (softinio) joined the room. | 01:26:54 |
| 12 Sep 2023 |
|  jacekpoz joined the room. | 22:28:37 |
| 13 Sep 2023 |
|  @pkolloch:matrix.org joined the room. | 10:34:19 |
|  r.shackleford joined the room. | 19:10:53 |
| 14 Sep 2023 |
|  mib 🥐 joined the room. | 11:22:32 |
| 15 Sep 2023 |
|  willmckinnon joined the room. | 05:57:33 |
| willmckinnon | Hey everyone, having some issues with absolute paths:
error: access to absolute path '/run/agenix/desktopPrivateKey' is forbidden in pure eval mode (use '--impure' to override)
My config looks like
age.secrets.desktopPrivateKey.file = ../../secrets/desktopPrivateKey.age;
users.users.root.openssh.authorizedKeys.keyFiles = [ config.age.secrets.desktopPrivateKey.path ];
Not sure if this is an agenix issue, but wondering if anyone has a resolution, RTFM hasn't been helping me :S
| 05:59:36 |
 jeroen | Cannot comment on the error, but I'm pretty sure authorizedKeys is meant for public keys and not private keys. | 07:19:08 |
|  stelcodes joined the room. | 07:56:49 |
| stelcodes | You're getting that error because all those paths in keyFiles are being read behind the scenes (via builtins.readFile) and when you readFile <path-outside-nix-store> you get that purity error. Also jeroen is right, you're not supposed to put private keys there. | 08:01:07 |
| stelcodes | I'm actually wondering something related to this type of use case. Maybe this has been discussed before but lets say I *really* want to reference my decrypted secrets at evaluation time as strings and I don't care if they're globally readable from the nix store. Is there any way to decrypt a secret into the nix store via a derivation? I was looking at the experimental `impure-derivations` feature but I don't think it would work.My use case is using agenix to encrypt wireguard enpoint IP addresses for use with wg-quick. Unfortunately there's no way to reference the decrypted | 08:12:47 |
| stelcodes | secret path at runtime because the IP address must be in the .conf file which is written to the store during evaluation. | 08:14:25 |
| stelcodes | Currently I'm just using `lib.fileContents <secret>.path` which requires two rebuilds (first one fails, second one suceeds). It's not ideal and I'm wondering if there's any type of hack that could yield the decrypted secrets during nixos-rebuild. | 08:16:38 |
|  sbc64 set a profile picture. | 09:39:32 |
