| 21 Oct 2025 |
tebriel | @f44:matrix.org: looks like maybe you forgot to define `age.identityPaths` to specify where the private key is on the host to be able to decrypt the secrets? | 23:02:42 |
tebriel | well...that was a bit of a delayed response, didn't see the date :D | 23:11:19 |
| 3 Nov 2025 |
goodlander | I added a host to my flake intended to build an installer ISO to help make bootstrapping new systems with my config easier. My approach is that I'm just copying one of the plaintext SSH keys used as an agenix identity into the ISO's global store and then placing it with `environment.etc`; this is just a personal installer ISO after all and I can manage it without leaking the key in my config. I then set this location as an `age.identityPath`; however, it didn't seem to work the way I'd hoped. Nothing managed by agenix was decrypted.
Has anyone done something like this before? Is the plan sound? | 03:37:48 |
| 9 Nov 2025 |
faye | Hey, I hadn't touched my configuration in a while and now whenever I rebuild I get the following:
```
decrypting '/nix/store/kifxdc5xbd91csl70giasl45kv07fmrm-incubator' to '/run/agenix.d/35/incubator'...
decrypting '/nix/store/z4rx6vnsp0in6i2bv8vq7j9gpmx8ai3h-wakapi-conf' to '/run/agenix.d/35/waka-conf'...
age: error: failed to obtain passphrase: could not read passphrase for "/home/akemi/.ssh/drainpixie": standard input is not a terminal, and /dev/tty is not available: open /dev/tty: no such device or address
age: report unexpected or unhelpful errors at https://filippo.io/age/report
age: error: failed to obtain passphrase: could not read passphrase for "/home/akemi/.ssh/drainpixie": standard input is not a terminal, and /dev/tty is not available: open /dev/tty: no such device or address
age: report unexpected or unhelpful errors at https://filippo.io/age/report
chmod: cannot access '/run/agenix.d/35/waka-conf.tmp'chmod: cannot access '/run/agenix.d/35/incubator.tmp': No such file or directory
: No such file or directory
mv: cannot stat '/run/agenix.d/35/waka-conf.tmp': No such file or directory
mv: cannot stat '/run/agenix.d/35/incubator.tmp': No such file or directory
[agenix] symlinking new secrets to /run/agenix (generation 35)...
[agenix] removing old secrets (generation 34)...
[agenix] chowning...
chown: cannot access '/run/agenix.d/35/incubator': No such file or directory
chown: cannot access '/run/agenix.d/35/waka-conf': No such file or directory
```
This is my secrets.nix, for reference:
```nix
let
  # Omitted for brevity
in {
  "wakapi-salt".publicKeys = allUsers ++ [systems.incubator];
  "wakapi-conf".publicKeys = allUsers ++ [systems.timeline];
  "incubator".publicKeys = allUsers ++ [systems.timeline];
}
```
I can decrypt manually with the agenix CLI just fine as long as I specify the key with `--identity` | 13:39:17 |
faye | Ok so I just found this and after running `nix flake update agenix` it is now finally prompting for my passphrase again... | 13:41:49 |
K900 | FWIW doing interactive things in activation scripts is very much not a good idea | 13:59:53 |
K900 | And will probably continue exploding absolutely horribly | 14:00:02 |
faye | Meaning I should get rid of the passphrase entirely? | 14:00:33 |
faye | That was on my to-do list frankly, I just haven't got around to switching yet | 14:00:59 |