| 11 Aug 2023 |
ryantm | No, secrets.nix is only for the agenix cli tool. | 00:46:17 |
metasyntactical | I grabbed the /etc/ssh/ pubkeys from all of the boxes in my config | 00:46:18 |
metasyntactical | could it be some flakes scoping thing? I declared the age module in the top level flake and then my config using age is in another module -- could that cause it? | 00:47:15 |
ryantm | Shouldn't be a problem. | 00:47:48 |
metasyntactical | also, will agenix require --impure always? | 00:47:53 |
ryantm | Agenix doesn't require impure | 00:48:08 |
metasyntactical | okay. so in ./machines/theseus.nix I add the line below
age.secrets.wg-theseus-home-privkey.file = ./secrets/wg-theseus-home-privkey.age;
and I get the error:
error:
Failed assertions:
- age.identityPaths must be set.
(use '--show-trace' to show detailed location information)
| 00:50:08 |
metasyntactical | should I run it with --show-trace for you? | 00:50:23 |
metasyntactical | or maybe try to poke at something in the repl? | 00:52:53 |
metasyntactical | ssh_config ssh_host_ed25519_key ssh_host_ed25519_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub ssh_known_hosts
| 00:53:03 |
ryantm | Something is going wrong here https://github.com/ryantm/agenix/blob/d8c973fd228949736dedf61b7f8cc1ece3236792/modules/age.nix#L229 | 00:53:08 |
ryantm | You could load your flake into the Repl and confirm the openssh service is enabled... | 00:55:51 |
metasyntactical | if I call "nix repl --file flake.nix" how do I poke at the config for a system defined by it? | 00:59:56 |
metasyntactical | [connelly@theseus:/etc/nixos]$ nix repl --file flake.nix
Welcome to Nix 2.13.3. Type :? for help.
Loading installable ''...
Added 3 variables.
nix-repl> outputs.nixConfigurations.theseus
error: value is a function while a set was expected
at «string»:1:1:
1| outputs.nixConfigurations.theseus
| ^
nix-repl>
| 01:01:36 |
metasyntactical | got it. :lf /etc/nixos did the trick.... here's those variables:
nix-repl> builtins.elemAt outputs.nixosConfigurations.theseus.config.services.openssh.hostKeys 0
{ bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; type = "rsa"; }
nix-repl> builtins.elemAt outputs.nixosConfigurations.theseus.config.services.openssh.hostKeys 1
{ path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
| 01:06:31 |
metasyntactical | and I confirmed those files exist | 01:07:15 |
metasyntactical | and also of note in that flake:
nix-repl> outputs.nixosConfigurations.theseus.config.age.identityPaths
[ ]
| 01:09:05 |
metasyntactical | and if I look at this, I think that's notable:
nix-repl> outputs.nixosConfigurations.theseus.options.age.identityPaths.default
[ ]
| 01:13:02 |
metasyntactical | Oh shit, it looks like on my laptop, even though I had at one time, I am no longer running openssh.... just like you said...
nix-repl> outputs.nixosConfigurations.theseus.config.services.openssh.enable
false
| 01:14:52 |
ryantm | Ah ha! | 01:17:45 |
metasyntactical | that fixed it. sorry to bother. I appreciate the help. | 01:37:19 |
| 17 Aug 2023 |
evalexpr | o/
Is it possible to run/use agenix on a linux (non-NixOS) system without openssh invoked via home-manager being used as a module?
I'm running into a bunch of roadblocks and struggling to make it work - if the above is a valid use-case I can provide some more info, ty | 14:23:07 |
evalexpr | It "mostly" works but I seem to have to run systemctl start --user agenix for it to actually make the file 🤔 | 14:50:36 |
| 21 Aug 2023 |
ryantm | Yeah, I think openssh is not a hard requirement, you can use some other identity to decrypt the secrets. | 18:11:16 |