| 29 Jun 2023 |
 steveej | In reply to @oddlama:matrix.org
If you want to use both gpg and age-plugin-yubikey at the same time you have to disable scdaemon and force gpg to use pcsc lite too does the latter refer to options of the plugi, age, or agenix? | 14:44:26 |
 oddlama | Agenix has nothing to do with that. It just calls age or rage (implementations of the age spec) which can interface with the plugin https://github.com/str4d/age-plugin-yubikey | 14:46:12 |
| steveej | thanks oddlama. i'll read up on pcsclite | 14:56:06 |
| steveej | i'm surprised that i'm hitting so many corner cases. i would expect that a lot of people use the same set up as i do | 15:00:05 |
| oddlama | What type of corner cases exactly? :D | 15:14:45 |
| steveej | oddlama: well, it says "supports ssh keys". i'm using ssh on a daily basis, but my ssh config isn't supported 𤡠| 17:21:21 |
| steveej | oddlama: i'm trying your suggestion of "force gpg to use pcsc lite". i realize that i don't know what you mean by that. does it mean disabling gpg-agent's scdaemon, and somehow make it use an existing pcscd? | 18:46:10 |
| oddlama | Mostly scdaemonSettings.disable-ccid = true; | 20:16:07 |
| oddlama | So that it doesn't try to grab exclusive access to your yubikey | 20:16:38 |
| 30 Jun 2023 |
| steveej | thanks again oddlama. i've been reading more about how age-plugin-yubikey works and AFAIU it talks directly to the yubikey interacting with its PIV functionality. i've not set up any PIV key and i don't intend to. in order to reuse my existing GPG key with agenix it would need to support either using that directly or via the gpg binary. i think i'll try my luck with sops-nix first as that seems to support my setup | 07:06:42 |
 Ilan Joselevich (Kranzes) | I personally use age-plugin-yubikey | 21:39:16 |
| Ilan Joselevich (Kranzes) | I don't use GPG for anything thankfully | 21:39:27 |
| 2 Jul 2023 |
|  @duponin:alternativebit.fr left the room. | 20:23:42 |
|  Elian D. joined the room. | 21:41:04 |
| 6 Jul 2023 |
|  Lukas set a profile picture. | 12:31:54 |
| Lukas changed their profile picture. | 12:36:34 |
| Lukas changed their profile picture. | 12:42:33 |
| 8 Jul 2023 |
 Phobos | i don't know if this is how you're supposed to do this or if you're even supposed to use agenix for this, but i tried using agenix to manage my password files but now I got this error on boot, can anyone help? | 06:30:18 |
| Phobos | 
Download IMG_20230708_162707_054.jpg | 06:30:35 |
| Phobos | was it the wrong idea to use agenix for password files-- | 06:31:19 |
| Phobos | oh i got it working again, restored the passwordfile and rolled back a few generations | 07:50:36 |
 MartiniMoe | So I have
age.secrets.ssh_key = {
file = ./secrets/ssh_key.age;
path = "$HOME/.ssh/id_rsa";
};
In my config and was expecting to find my ssh key in ~/.ssh/id_rsa after nixos-rebuild switch but its not there and it threw no errors đ¤ Am I missing something?
| 14:27:01 |
 fea (she/they) | In reply to @MartiniMoe:matrix.org
So I have
age.secrets.ssh_key = {
file = ./secrets/ssh_key.age;
path = "$HOME/.ssh/id_rsa";
};
In my config and was expecting to find my ssh key in ~/.ssh/id_rsa after nixos-rebuild switch but its not there and it threw no errors đ¤ Am I missing something?
Are you using the NixOS or Home Manager module? If you use the NixOS module, $HOME can't really resolve to anything as it's user specific and if you're using the home manager module, it might need the ssh keys to even decrypt the secrets so you may not be able to provide them via agenix | 14:31:57 |
| MartiniMoe | I'm using the home-manager module and this is not the same ssh key I use to encrypt agenix secrets | 14:34:09 |
| fea (she/they) | I think I remember still having trouble using $HOME in agenix paths, maybe try interpolating with config.home.homeDirectory instead as that should provide an absolute path to your home directory when using home manager. This might be completely unrelated tho, I'm not an expert in this at all, this is just what I've started doing | 14:35:58 |
| fea (she/they) | Also, have you tried to simply reboot? Sometimes that ended up being the easiest fix for similar problems for me, it felt like the home manager module didn't properly symlink the secrets after a simple nixos-rebuild switch | 14:38:25 |
| 9 Jul 2023 |
| MartiniMoe | In reply to @feathecutie:tchncs.de
Also, have you tried to simply reboot? Sometimes that ended up being the easiest fix for similar problems for me, it felt like the home manager module didn't properly symlink the secrets after a simple nixos-rebuild switch I tried with config.home.homeDirectory and rebooted, but both did not help âšī¸ | 09:54:21 |
| 10 Jul 2023 |
|  Sam Lehman joined the room. | 19:48:28 |
|  grizzlt left the room. | 20:27:15 |
|  moots joined the room. | 21:00:30 |
