| 31 Dec 2025 |
hexa | though age supports pq things since very recently | 20:06:25 |
ed209 | In reply to @hexa:lossy.network if they build on the same primitive then that's not much help issue is my config is public | 20:36:32 |
ed209 | but that's resolvable | 20:37:33 |
| 1 Jan 2026 |
| debtquity joined the room. | 21:01:40 |
| 2 Jan 2026 |
| findus joined the room. | 14:57:52 |
| 3 Jan 2026 |
findus | Hi, I tried agenix together with nix-generate for proxmox images and I still need to do one rebuild-switch after deploying the resulting images to have the secret mount present. Is there a trick to have them available on first boot? | 08:12:47 |
findus | * Hi, I tried agenix together with nix-generate for proxmox images and I still need to do one rebuild-switch after deploying the resulting image to have the secret mount present. Is there a trick to have them available on first boot? | 08:12:58 |
ed209 | In reply to @Findus:stratum0.org Hi, I tried agenix together with nix-generate for proxmox images and I still need to do one rebuild-switch after deploying the resulting images to have the secret mount present. Is there a trick to have them available on first boot? I've run into the same issue (not proxmox but generating qcow2). I couldn't find a workaround | 13:42:23 |
| 4 Jan 2026 |
| jappie changed their display name from jasper to jappie. | 10:59:43 |
| 8 Jan 2026 |
| pltrz set a profile picture. | 23:50:06 |
| 9 Jan 2026 |
| pltrz changed their profile picture. | 00:00:37 |
| Ivy joined the room. | 05:43:24 |
Ivy | i think i've implemented restarting units like sops-nix? | 08:02:47 |
Ivy | is that something people would want? | 08:02:56 |
Ivy | i have it working on darwin | 08:03:03 |
findus | I've read the source code a little and it seems like agenix also uses systemd to mount the secrets partition when sysusers are enabled (https://mynixos.com/nixpkgs/option/systemd.sysusers.enable), but when enabling that, every user defined in the nix config must be a system user; that did not work out for me | 08:50:17 |
findus | https://github.com/ryantm/agenix/blob/fcdea223397448d35d9b31f798479227e80183f6/modules/age.nix#L283 | 08:52:02 |
whispers [& it/fae] | for what it's worth, it also uses the systemd service if userborn is used, which can handle both normal and system users | 12:59:21 |
Ivy | how do you use agenix rekey over like ssh | 13:18:55 |
Ivy | like how can i do that "sanely" | 13:19:01 |
K900 | Do you mean, like, with a key stored in a forwarded SSH agent? | 13:19:57 |
Ivy | like that | 13:20:16 |
Ivy | but i know that ssh agents can only sign not encrypt or decrypt | 13:20:25 |
K900 | Yeah you can't | 13:20:39 |
K900 | That's a design decision by the SSH agent | 13:20:45 |
Ivy | yes | 13:20:50 |
Ivy | so i wanna know what would be another thing i can forward over ssh to use agenix-rekey | 13:21:07 |
K900 | You basically have to get your key onto the machine that you're running rekey on | 13:21:08 |
K900 | There is no such thing | 13:21:13 |
Ivy | ugh | 13:21:16 |