| 12 Jul 2023 |
moots | * Since I both need the secrets in the Terraform rendered files and on the machines I'm planning to build, which get created by terranix | 19:53:35 |
Ilan Joselevich (Kranzes) | Get agenix and nixos out the picture, they're not relevant to this. You should look into just encrypting your tfvars file | 19:53:49 |
moots | * I don't necessarily need to encrypt the tfvars files, but the different SSH keys and providers' private keys with close to automatic rekeying for every user (of my private repo), so that I can keep everything (literally everything) in a monorepo using josh | 19:56:27 |
moots | let's see if I can figure out how to run age in the nix build before the terranix terraform part gets rendered | 20:01:59 |
moots | so the decrypted part is accessible from the nix store in terranix | 20:02:41 |
Ilan Joselevich (Kranzes) | Idk if this is helpful but look at this https://github.com/kranzes/tf-infra | 20:17:07 |
moots | In reply to @kranzes:matrix.org ("Idk if this is helpful but look at this https://github.com/kranzes/tf-infra"): yep I think runCommand will work | 20:47:58 |
moots | thanks! | 20:48:03 |
| 13 Jul 2023 |
moots | In reply to @moots:matrix.org ("yep i think runCommand will work"): * does someone maybe have a quick tip on how to access the SSH keys from the home folder?
++ /nix/store/r9hjvsggi230b413hs0v6zr88d50jx3p-agenix-0.13.0/bin/agenix -d oci.pem.age
config-tf> warning: '/nix/var/nix' does not exist, so Nix will use '/homeless-shelter/.local/share/nix/root' as a chroot store
config-tf> No identity found to decrypt oci.pem.age. Try adding an SSH key at /homeless-shelter/.ssh/id_rsa or /homeless-shelter/.ssh/id_ed25519 or using the --identity flag to specify a file.
example of how I use it rn in the flake:
"${agenix.packages.${system}.agenix}/bin/agenix -d ${builtins.baseNameOf value.file} > $out/${builtins.replaceStrings [".age"] [""] (builtins.baseNameOf value.file)}")
| 14:30:06 |
moots | actually I guess it's impossible in pure mode hmm | 14:35:18 |
Rígille S. B. Menezes | Hey, is it possible to use agenix without nix modules? | 17:27:23 |
ryantm | What do you mean by nix modules? | 17:55:01 |
Rígille S. B. Menezes | Sorry I meant NixOS modules | 17:55:30 |
Rígille S. B. Menezes | From what I read in the documentation it looks like agenix is only meant to be used with NixOS | 17:58:07 |
ryantm | It also works with HomeManager but that currently has no docs. | 18:56:45 |
Rígille S. B. Menezes | Oh I see | 18:57:41 |