-
Notifications
You must be signed in to change notification settings - Fork 104
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
.symlink = false fails to generate decrypted secrets #214
Comments
Tried rebuilding without any references to I'm on nixos-unstable btw and using flakes. Tried with and without |
There are a few problems: 1. agenix decrypts at activation time, so /run/agenix/nixConf isn't there when nix evaluates configuration.nix and checks contents of nix.conf which references /run/agenix/nixConf. 2. agenix's homeManagerModules module collides with it's nixosModules. This makes it impossible to load both at the same time and use home-manager to put the secret in the user's nix.conf [gh issue](ryantm/agenix#215) 3. symlinking is broken ATM [gh issue](ryantm/agenix#214)
There are a few problems: 1. agenix decrypts at activation time, so /run/agenix/nixConf isn't there when nix evaluates configuration.nix and checks contents of nix.conf which references /run/agenix/nixConf. 2. agenix's homeManagerModules module collides with it's nixosModules. This makes it impossible to load both at the same time and use home-manager to put the secret in the user's nix.conf [gh issue](ryantm/agenix#215) 3. symlinking is broken ATM [gh issue](ryantm/agenix#214)
I am encountering the same error. I was previously setting a custom decryption path for my non-symlinked secret through Looking at how agenix manages to keep stable references to changing generations, it seems like it is mandatory to specify a |
Having an existing
age.secrets.secret1.file = ./foo
, and addingage.secrets.secret1.symlink = false;
in your configuration.nix causes the following error when runningnixos-rebuild switch
:The text was updated successfully, but these errors were encountered: