Error while handling error of rekeyed file missing #15
Comments
I'm not entirely sure why this is happening. You are right, it should not be necessary to set I don't get that error when I try to reproduce this with age.secrets.abc.rekeyFile = ./nonexistent.age;
Is there something special about your configuration in regards to agenix? (Probably not related to this) I think I should have used I've now also adjusted how I refer to the secret internally, on the off-chance that it had to do with how I have passed the secret submodule options down into some internal functions. Could you check whether the problem still persists?
Thanks for the speedy response! I've done a Now I see an infinite recursion issue. Perhaps this is indicative of a poor setup on my part. Here's the error, with the leading part truncated:
But! I did some debugging of my

({ lib, ... }: {
  age.secrets.civitai-token = {
    rekeyFile = (builtins.trace "civitai-token.age path" (lib.debug.traceVal ./. + ../secrets/rekeyed/lithium/civitai-token.age));
  };
})

This seems very wrong to me. I would expect it to refer to a file, not a directory ( To confirm something odd wasn't written there:
Okay so that's indeed my hosts. It looks like my paths aren't as correct as I thought they were. This is very likely an error on my end. I'll try to figure it out this evening and report back with any findings. Thanks!
My whole
I do not set

age.secrets.civitai-token = {
  rekeyFile = (builtins.trace "civitai-token.age path" (lib.debug.traceVal ../secrets/rekeyed/${host-id}/civitai-token.age));
};

I understand this to be the preferred way to handle pointing at the From looking around in your personal configuration repo, I noticed that you don't set

I'll keep digging. In the mean time, this is my module to do secret configuration:

{ flake-inputs, system, host-id, host-public-key }: { pkgs, lib, ... }: {
  nixpkgs.overlays = [
    # This lets us include the agenix-rekey package.
    flake-inputs.agenix-rekey.overlays.default
  ];
  age.rekey = {
    hostPubkey = host-public-key;
    masterIdentities = [
      ../secrets/agenix-master-key.pub
    ];
    # Must be relative to the flake.nix file.
    localStorageDir = (builtins.trace "localStorageDir" (lib.debug.traceVal ../secrets/rekeyed/${host-id}));
    generatedSecretsDir = (builtins.trace "generatedSecretsDir" (lib.debug.traceVal ../secrets/generated/${host-id}));
    # These fields are labeled as missing with:
    # The option `age.rekey.userFlake' does not exist. Definition values:
    # userFlake = flake-inputs.self;
    # nodes = flake-inputs.self.nixosConfigurations;
    storageMode = "local";
  };
  imports = [
    flake-inputs.agenix-rekey.nixosModules.default
  ];
  environment.systemPackages = [
    # This should remain out because agenix-rekey brings in agenix - or at least
    # the bits of it we are interested in.
    # flake-inputs.agenix.packages.${system}.default
    pkgs.agenix-rekey
  ];
}

and then my attempt to use it in another NixOS module (same as posted earlier):

age.secrets.civitai-token = {
  rekeyFile = (builtins.trace "civitai-token.age path" (lib.debug.traceVal ../secrets/rekeyed/${host-id}/civitai-token.age));
};

and my global configuration, at the root of my Flake

agenix-rekey = agenix-rekey.configure {
  userFlake = self;
  nodes = self.nixosConfigurations // self.darwinConfigurations;
};

Thanks again for taking a look - and no expectations that this is where your spare time is going :)
Just had some time to look at your config. The main issue seems to be that you removed the agenix nixos module, which is still required. agenix-rekey is just an extension to agenix. So importing Some other things I noticed:
Another small thing:
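The fix described in the reply above, sketched as an added example (not code from the thread or from agenix-rekey): both modules are imported, and an assertion names any secret whose rekeyFile path is missing. The input name `flake-inputs.agenix` and a nullable `rekeyFile` are assumptions; the other names and paths mirror the module posted earlier in the thread.

```nix
# Added example, not code from the thread. `flake-inputs.agenix` is an assumed
# flake input name; the other arguments and paths mirror the module posted above.
{ flake-inputs, host-id, host-public-key }:
{ config, lib, pkgs, ... }: {
  imports = [
    # agenix itself: agenix-rekey only extends it, so both modules are imported.
    flake-inputs.agenix.nixosModules.default
    flake-inputs.agenix-rekey.nixosModules.default
  ];

  nixpkgs.overlays = [
    # Provides pkgs.agenix-rekey.
    flake-inputs.agenix-rekey.overlays.default
  ];

  age.rekey = {
    hostPubkey = host-public-key;
    masterIdentities = [ ../secrets/agenix-master-key.pub ];
    storageMode = "local";
    localStorageDir = ../secrets/rekeyed/${host-id};
  };

  environment.systemPackages = [ pkgs.agenix-rekey ];

  # Report a missing rekeyFile by secret name. Assumes rekeyFile may be null
  # (for secrets that do not use it); toString keeps the path out of the store.
  assertions = lib.mapAttrsToList (name: secret: {
    assertion = secret.rekeyFile == null || builtins.pathExists secret.rekeyFile;
    message = "age.secrets.${name}.rekeyFile does not exist: ${toString secret.rekeyFile}";
  }) config.age.secrets;
}
```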
This has been a trove. Thank you!!! Once I got the Sorry about the I have some notes and TODO items I'd like to do to contribute back. Perhaps in the form of documentation and something to lend direction to the next person who forgets the steps that I did - if you're amenable. I'll try to put something together soon. Thanks again!
Hi! Thanks for your work on this repository :)
If I have a NixOS module with content like this:
Where ./some/bad/path.age does not point to an existing file, I get:
I can kind of glean that I need to fix my path from this, but it also got me thinking maybe I am missing a name, so I have also tried:
But I get the same error. I realize name is not in the documentation, but figured I'd try anyways.
agenix itself has a name in its documentation, and it seems to get populated by inspecting its own arguments here. From there I'm not sure what additional threads to pull.
My flake.lock is pinned with these versions:
If I ensure the path points to a file correctly, this error goes away. I am greeted with another error, but I believe it is unrelated to this and I have more work to do on that front.
Thanks for your time!