| 31 Jul 2023 |
bddvlpr | Hey, quick question. I’m currently using Agenix with its HomeManager module, but would like to have my secrets also accessible outside of HM. Do I import them twice or should I somehow pass them to HM? | 19:36:11 |
| 5 Aug 2023 |
maralorn | When I do enable documentation.nixos.includeAllModules with agenix I get:
┃ error: attribute 'users' missing
┃
┃ at /nix/store/nwlhw7kzyyryssszhvw2as3gq4ncc1ai-source/modules/age.nix:15:11:
┃
┃ 14|
┃ 15| users = config.users.users;
┃ | ^
┃ 16|
| 16:01:53 |
maralorn | Is it me or is it agenix?^^ | 16:02:07 |
ryantm | Weird. | 18:40:16 |
maralorn | * Can anyone else reproduce this? Is there anyone who has the agenix module imported and that docs option on in their system? | 21:41:23 |
| 10 Aug 2023 |
metasyntactical | Hi, I'm trying to add agenix to my newish flakes nixos config and I created the secrets.nix and all the age files and added a reference to a secret as directed in the docs and I now get the following error:
warning: Git tree '/etc/nixos' is dirty
building the system configuration...
warning: Git tree '/etc/nixos' is dirty
error:
Failed assertions:
- age.identityPaths must be set.
(use '--show-trace' to show detailed location information)
| 22:43:30 |
metasyntactical | I included all of the ssh host and user keys in the secrets.nix file. Does it not see them automatically? Do I have to manually point to each privkey file? | 22:44:13 |
metasyntactical | * If this helps, here's my flakes.nix:
{
  description = "my config";
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
    home-manager = {
      url = "github:nix-community/home-manager/release-23.05";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.darwin.follows = "";
    };
  };
  outputs = { self, nixpkgs, home-manager, agenix, ... }:
    let
      system = "x86_64-linux";
      agenixModule = { environment.systemPackages = [ agenix.packages.${system}.default ]; };
    in {
      nixosConfigurations = {
        "theseus" = nixpkgs.lib.nixosSystem { inherit system; modules = [ ./machines/theseus.nix agenix.nixosModules.default agenixModule ]; };
      };
    };
}
| 22:59:40 |
ryantm | metasyntactical: probably what is happening is you haven't specified how to decrypt the secrets, and you have also not turned on openssh on the computer to make use of the system SSH keys for decryption. | 23:28:26 |
| 11 Aug 2023 |
metasyntactical | In reply to @ryantm:matrix.org: "metasyntactical: probably what is happening is you haven't specified how to decrypt the secrets, and you have also not turned on openssh on the computer to make use of the system SSH keys for decryption." All of that is in the ./machines/theseus.nix file. It runs a ton of stuff including ssh. I set age.secret.secretname.file = ./secrets/secretname.age; and then I reference it as config.age.secrets.secretname.path and I get that error. If I comment out the age. and config.age lines, it builds fine. | 00:41:21 |
ryantm | metasyntactical: do you have config.services.openssh.enable = true in your config? | 00:44:01 |
metasyntactical | I have a ./secrets/secrets.nix file with:
let
  connelly_headless = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMV3hxhcKHYCmTpl5wRMfibT4wgWKAuLE7nWvDbIoswg";
  theseus_host = "ssh-ed25519 AAAAC3Nza...(redacted)";
  fw_host = "ssh-ed25519 AAAAC3Nza...(redacted)";
  house_host = "ssh-ed25519 AAAAC3Nza...(redacted)";
  void_host = "ssh-ed25519 AAAAC3Nza...(redacted)";
  theseus = [ connelly_headless theseus_host ];
  fw = [ connelly_headless fw_host ];
  house = [ connelly_headless house_host ];
  void = [ connelly_headless void_host ];
  all = [ connelly_headless theseus_host fw_host void_host house_host ];
in {
  "restic-s3.age".publicKeys = all;
  "restic-theseus.age".publicKeys = theseus;
  "restic-fw.age".publicKeys = fw;
  "restic-house.age".publicKeys = house;
  "restic-void.age".publicKeys = void;
  "ssh-theseus-headless-priv.age".publicKeys = theseus;
}
| 00:44:51 |
metasyntactical | In reply to @ryantm:matrix.org: "metasyntactical: do you have config.services.openssh.enable = true in your config?" Yes. openssh is running great. | 00:45:12 |
ryantm | On the target machine, right? | 00:45:44 |
metasyntactical | do I need to indicate where the secrets.nix file is in the age config? | 00:45:50 |
metasyntactical | yes | 00:45:52 |
ryantm | No, secrets.nix is only for the agenix CLI tool. | 00:46:17 |
metasyntactical | I grabbed the /etc/ssh/ pubkeys from all of the boxes in my config | 00:46:18 |