| 9 Mar 2023 |
jayhenks | Yeah because I saw it was only updated 5 days ago on github | 21:59:07 |
jayhenks | * Yeah because I saw it was only updated 5 days ago on github (commit) | 21:59:52 |
| 10 Mar 2023 |
Wanja Hentze | From personal experience I can attest that the maintainers respond quickly and are open to contributions :) | 10:10:36 |
Ilan Joselevich (Kranzes) | In reply to @jayhenks:matrix.org Yeah because I saw it was only updated 5 days ago on github (commit) Last commit is not a measure of maintenance | 14:22:44 |
Wanja Hentze | also, 5 days ago is really recent 🤔 I consider anything within a few months "recent changes" | 14:54:23 |
jayhenks | Does agenix offer support for home manager? | 15:40:55 |
cole-h | No(t yet), see https://github.com/ryantm/agenix/issues/50 and https://github.com/ryantm/agenix/pull/109. | 15:41:38 |
ryantm | Supporting home manager confuses me. | 15:43:14 |
ryantm | Everyone keeps asking for it but it seems like a worthless thing. | 15:43:38 |
ryantm | If you are using it with NixOS, you can already use the agenix module at the NixOS level. If you are using it at the user level, it doesn't provide any security. | 15:46:38 |
jayhenks | What would a home manager module mean? That I can use secrets inside home manager? Is that not possible already? | 15:49:16 |
jayhenks | Maybe I do not get something here | 15:49:28 |
ryantm | The only use case I understand is someone wants to publish their home manager config and doesn't want to share the secrets. Maybe that's enough to justify supporting it. I don't want to give people a false sense of security though... | 16:00:19 |
Dandellion | In reply to @ryantm:matrix.org If you are using it with NixOS, you can already use the agenix module at the NixOS level. If you are using it at the user level, it doesn't provide any security. why wouldn't it provide any security? | 16:02:02 |
ryantm | The user's clear text, encrypted secrets, and private key would all be in the same home directory. | 16:03:47 |
Dandellion | owned by the user and not in the nix store though | 16:04:40 |
ryantm | Yeah good point! I think I get it now. | 16:04:58 |
jayhenks | In reply to @dandellion:dodsorf.as owned by the user and not in the nix store though But why would you want that | 16:34:36 |
jayhenks | I do not really get it | 16:34:44 |
Dandellion | For the same reasons as you want it for the system | 16:44:52 |
Dandellion | I don't understand what's different | 16:45:06 |
jayhenks | In reply to @dandellion:dodsorf.as I don't understand what's different So it is just impossible to use agenix’s config.path in home manager to point to an encrypted file? | 17:18:00 |
| peter-lustig joined the room. | 21:38:30 |
peter-lustig | Hello. How could I represent the following secrets for firefox-syncserver with agenix?
secrets = builtins.toFile "sync-secrets" ''
SYNC_MASTER_SECRET=this-secret-is-actually-leaked-to-/nix/store
'';
Do I just write SYNC_MASTER_SECRET=something in the agenix file?
| 21:39:41 |
peter-lustig | * Hello. How could I represent the following secrets for firefox-syncserver with agenix?
secrets = builtins.toFile "sync-secrets" ''
SYNC_MASTER_SECRET=this-secret-is-actually-leaked-to-/nix/store
'';
Do I just write SYNC_MASTER_SECRET=something in the .age file?
| 21:40:02 |
cole-h | If firefox-syncserver accepts a path to a file with that, yeah that would work. | 21:41:30 |
cole-h | * If firefox-syncserver accepts a path to a file with those contents, yeah that would work. | 21:41:36 |
peter-lustig | In reply to @cole-h:matrix.org If firefox-syncserver accepts a path to a file with those contents, yeah that would work. Looks like it takes a path:
Description
A file containing the various secrets. Should be in the format expected by systemd’s EnvironmentFile directory. Two secrets are currently available: SYNC_MASTER_SECRET and SYNC_TOKENSERVER__FXA_METRICS_HASH_SECRET.
Type
path
| 21:42:31 |
cole-h | Then yeah, that should work. Just point it to config.age.secrets.<firefox-syncserver-server>.path | 21:44:48 |
peter-lustig | In reply to @cole-h:matrix.org Then yeah, that should work. Just point it to config.age.secrets.<firefox-syncserver-server>.path This should work, right?
secrets = builtins.toFile "sync-secrets" config.age.secrets.mainserver-firefox-syncserver-secrets.age;
Modified the example config in the manual:
https://nixos.org/manual/nixos/unstable/index.html#module-services-firefox-syncserver-quickstart
| 21:46:05 |