| 24 Aug 2025 |
 K900 | That's in the agenix repo | 16:34:57 |
 crop | yes now i use that (not from nixpkgs) and it works ... why is there a agenix-cli in nixpkgs that doesn't work? 😠| 16:43:32 |
| K900 | I don't know | 16:44:20 |
| 26 Aug 2025 |
|  @dawnofmidnight:catgirl.cloud joined the room. | 02:34:10 |
| 27 Aug 2025 |
|  kylie joined the room. | 00:25:24 |
| 28 Aug 2025 |
|  sbc64 changed their profile picture. | 14:23:19 |
|  @redbeardy_mcgee:matrix.org left the room. | 16:36:00 |
| 30 Aug 2025 |
|  @522_:catgirl.cloud changed their display name from 522 [it/its][ΘΔ] to 522 it/its ⛯ΘΔ. | 14:10:21 |
| 1 Sep 2025 |
|  mike joined the room. | 17:43:07 |
| 3 Sep 2025 |
|  ed209 joined the room. | 19:18:26 |
| ed209 | I'm looking for ways to store build-time secrets using agenix, but it seems to be a bit tricky to do. is there an easy way to (potentially imperitively) decrypted a subset of secrets so they're available on the system before deploying/building images? | 19:21:04 |
| K900 | Build-time secrets are basically always bad | 19:22:46 |
| K900 | Why do you want that? | 19:22:52 |
| ed209 | i should say deploy time... like how else do you give luks the key to use when provisioning a system? | 19:23:26 |
| K900 | Can you explain what you're actually trying to do? | 19:23:46 |
| ed209 | the main use case is using nixos-anywhere to provision a system with luks | 19:25:38 |
| ed209 | * the main use case is using nixos-anywhere to provision a system with luks (using disko) | 19:26:16 |
| ed209 | * the main use case is using nixos-anywhere to provision a system with luks (using disko) | 19:26:27 |
| ed209 | I'm certainly open to a better way. the secret is only needed when creating the luks volume, and then is unecessary/not stored | 19:27:16 |
| K900 | I feel like this is a nixos-anywhere problem | 19:27:47 |
| K900 | As in, the key should be provisioned by nixos-anywhere | 19:27:54 |
| K900 | Because it's what's doing the installing | 19:28:03 |
| K900 | I don't know if it can actually do that | 19:28:14 |
| K900 | But I know it is too early for agenix to do anything | 19:28:25 |
| ed209 | In reply to @k900:0upti.me
I don't know if it can actually do that there is a mechanism for this | 19:28:25 |
| K900 | (and same for other agenix shaped tools) | 19:28:41 |
| ed209 | found it, its --disk-encryption-keys... I guess I can manually decrypt secrets but would be cool if you could have it automatically done during deployment | 19:30:52 |
| ed209 | * found it, its --disk-encryption-keys is the nixos-anywhere flag... I guess I can manually decrypt secrets but would be cool if you could have it automatically done during deployment | 19:33:43 |
| 4 Sep 2025 |
|  curious_cuttlefish joined the room. | 04:41:16 |
| 8 Sep 2025 |
|  Inayet set a profile picture. | 02:15:48 |
