| 21 Apr 2023 |
 ryantm | Merged! Thanks | 14:29:24 |
 Ambroisie | Is there a way I can contribute to https://github.com/ryantm/agenix/pull/109 or would I have to create a new PR? | 18:29:26 |
| Ambroisie | I want to update it to fix some issues with it and try to get it merged | 18:29:45 |
 cole-h | You can ask them if they would give you push access to their repo, or you can ask if they would mind you opening a new PR based on their work. | 18:35:33 |
| 23 Apr 2023 |
| Ambroisie | Ended up making a new PR from scratch, as my approach diverged too much from the original PRs for home-manager integration | 16:08:11 |
| 24 Apr 2023 |
| Ambroisie | In reply to @ambroisie:belanyi.fr
Ended up making a new PR from scratch, as my approach diverged too much from the original PRs for home-manager integration Let me link to it in case people want to test drive it and/or review it | 19:18:31 |
| Ambroisie | https://github.com/ryantm/agenix/pull/180 | 19:21:44 |
| 25 Apr 2023 |
 @duponin:alternativebit.fr | 
Download ima_9063442.jpeg | 15:25:56 |
 GenericNerdyUsername | idk if this is more of a question for https://matrix.to/#/#tpm:nixos.org, but is it possible to store the agenix key in a tpm? | 21:38:30 |
| GenericNerdyUsername | Maybe encrypt the keyfile using a separate key stored on the tpm? | 21:39:03 |
| ryantm | This might be possible, but we don't have any specific support for it. | 22:38:27 |
| GenericNerdyUsername | is there some pre-activation hook i can use? | 22:38:55 |
| ryantm | If you add an activationHook to system.activationScripts.agenixNewGeneration.deps then it should run before any agenix module code runs. | 22:40:00 |
| ryantm | (on linux. Darwin is different.) | 22:40:32 |
| 26 Apr 2023 |
| Ambroisie | In reply to @ambroisie:belanyi.fr
https://github.com/ryantm/agenix/pull/180 Gentle ping for getting reviews ryantm ?) as I don't think I can assign anybody | 14:00:56 |
| 27 Apr 2023 |
| ryantm | Thanks, I reviewed it! | 03:07:53 |
|  Nicolas Lenz joined the room. | 15:10:45 |
| Ambroisie | Thanks for the review :-) | 18:40:42 |
| Ambroisie | I addressed your comments and pushed an update | 18:40:52 |
| 1 May 2023 |
|  netpleb joined the room. | 03:34:43 |
| netpleb | hi agenix/nix people! I am really enjoying agenix so far! I am relatively new to nixos, and only recently managed to switch over to flakes, but I seem to have run into a common problem and cannot quite get a clear answer as to how to solve it: | 03:35:59 |
| netpleb | say I want to spin up a flake inside a container with something like sudo nixos-container create mycontainer --flake /path/to/my/flake, the problem is that to properly define the flake (and use agenix for secrets), I need to host key for the container...but it does not exist yet | 03:40:30 |
| netpleb | is there a way I can somehow generate the host key on my build system and then force the container to be created with that host key? | 03:41:13 |
| netpleb | * say I want to spin up a flake inside a container with something like sudo nixos-container create mycontainer --flake /path/to/my/flake, the problem is that to properly define the flake (and use agenix for secrets), I need to know the host key for the container...but the container does not exist yet. So the command (rightly so!) fails. | 03:46:33 |
 Florian | netpleb: can't you do a bind Mount to your key in the host? | 09:47:54 |
| cole-h | You could also make it available "somewhere" and set age.identityPaths to that (stringly-typed) path | 13:42:14 |
| cole-h | ("make it available" left as an exercise to the reader) | 13:42:27 |
| netpleb | thanks Florian and cole-h for your replies. Say I want to go the "bind Mount" direction, I am confused how that is done with flakes. Can the target system somehow mount a directory which exists only on the build system (where build system here is the place I am running the relevant nixos-rebuild --flake ... command? | 18:19:28 |
| netpleb | * thanks Florian and cole-h for your replies. Say I want to go the "bind Mount" direction, I am confused how that is done with flakes. Can the target system somehow mount a directory which exists only on the build system, where build system here is the place I am running the relevant nixos-rebuild --flake ... command? | 18:19:40 |
| netpleb | In reply to @cole-h:matrix.org
("make it available" left as an exercise to the reader) ultimately this "make it available" exercise is probably the part I currently understand the least :-/. Any hints? | 18:25:43 |
