| 26 Feb 2023 |
michaelsmitth | agenix -e? | 19:14:31 |
ryantm | Yeah all of them basically. Edit, rekey, decrypt | 19:16:22 |
michaelsmitth | When editing a key, I always get asked for the openssh key. Is that what I need the user for? | 19:17:24 |
michaelsmitth | * When editing a key, I always get asked for the openssh key passphrase. Is that what I need the user for? | 19:17:40 |
ryantm | Yeah. You'd have to use `-i /etc/ssh/...` with all the commands to use the host key. | 19:18:45 |
michaelsmitth | So I just removed the user to test it. When I now do nix run github:ryantm/agenix -- -e mainserver-user-password.age -i /etc/ssh/ssh_host_ed25519_key it tells me Permission denied. | 19:21:35 |
michaelsmitth | Should this not work now? | 19:23:47 |
michaelsmitth | It also does not work for the other files | 19:25:16 |
michaelsmitth | Error: Permission denied (os error 13)
[ Did rage not do what you expected? Could an error be more useful? ]
[ Tell us: https://str4d.xyz/rage/report
| 19:27:51 |
ryantm | Try using -v to see what is failing | 19:28:56 |
michaelsmitth | The output is quite cryptic | 19:29:47 |
michaelsmitth | When I run with sudo:
/nix/store/smy2vqg1mg2nfwmcx2yqyr7af82cfdac-agenix-0.13.0/bin/agenix: line 162: EDITOR: unbound variable
| 19:30:42 |
michaelsmitth | So that seems to work, but the EDITOR environment variable causes some trouble | 19:32:12 |
cole-h | Try `sudo -E` | 19:33:02 |
michaelsmitth | $HOME ('/home/user') is not owned by you, falling back to the one defined in the 'passwd' file ('/root')
Do I need chown 777?
| 19:33:44 |
michaelsmitth | but weird that it is not owned by me | 19:34:16 |
michaelsmitth | -e (without capital E) it works. | 19:36:20 |
michaelsmitth | So it seems like I can edit all the files like this ryantm:
sudo -e nix run github:ryantm/agenix -- -e mainserver-user-password.age -i /etc/ssh/ssh_host_ed25519_key
| 19:37:47 |
ryantm | Nice. I'm glad this edge case works somehow. | 19:38:46 |
michaelsmitth | I just wonder how I am able to edit the ones from the mainserver | 19:39:03 |
michaelsmitth | because:
let
  mainpc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6Tk94ilarqQZZ36ZWEi5U14nQwS/bqHkkTt7BOWxX0 root@mainpc";
  mainserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHugugwi3IeKQ74mNbP50YrU9gfspmhgUWF7WDTCrjo3 root@mainserver";
  systems = [ mainpc mainserver ];
in
{
  "mainpc-root-password.age".publicKeys = [ mainpc ];
  "mainpc-user-password.age".publicKeys = [ mainpc ];
  "mainserver-root-password.age".publicKeys = [ mainserver ];
  "mainserver-user-password.age".publicKeys = [ mainserver ];
  "mainserver-postgres-password.age".publicKeys = [ mainserver ];
}
because I did not give permission
| 19:40:07 |
michaelsmitth | * because:
let
  mainpc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6Tk94ilarqQZZ36ZWEi5U14nQwS/bqHkkTt7BOWxX0 root@mainpc";
  mainserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHugugwi3IeKQ74mNbP50YrU9gfspmhgUWF7WDTCrjo3 root@mainserver";
  systems = [ mainpc mainserver ];
in
{
  "mainpc-root-password.age".publicKeys = [ mainpc ];
  "mainpc-user-password.age".publicKeys = [ mainpc ];
  "mainserver-root-password.age".publicKeys = [ mainserver ];
  "mainserver-user-password.age".publicKeys = [ mainserver ];
  "mainserver-postgres-password.age".publicKeys = [ mainserver ];
}
I did not give mainpc permission to do that
| 19:40:26 |
ryantm | If you look at the .age file in a text editor you can see what identities can decrypt the file. | 19:41:43 |
michaelsmitth | I think there is something wrong with the command above. Because when executing it, all I see is the OpenSSH private key. Not the real contents | 19:42:45 |
michaelsmitth | * I think there is something wrong with the command above. Because when executing it, all I see is my OpenSSH private key. Not the real contents | 19:42:58 |
michaelsmitth | * I think there is something wrong with the command above. Because when executing it, all I see is my OpenSSH private key. Not the real contents of the .age file | 19:43:07 |
michaelsmitth | (In reply to @cole-h:matrix.org: "Try `sudo -E`") Okay, this works. | 19:44:14 |
michaelsmitth | Only for the permitted ones | 19:44:25 |
michaelsmitth | Well now when I add the user again, rekey and enter my passphrase I get the error: No matching keys found | 19:54:55 |