-
Sometimes it's desirable to have files in the Nix store that are not world-readable, such as configuration files containing passwords. This could be implemented as follows:
- Private files are marked …
-
| Field | Description |
|--------------|-------------|
| Plugin | Unrelated |
| Nixpkgs | `23.11` and `unstable` |
| Home Manager | `23.11` |
- [X] I have read the [FAQ](…
-
Hi there! Thank you so much for your work on this library, I'm stubbornly wedded to the idea of using it.
Unfortunately, I've been struggling to get it working on my NixOS machine. Here are the iss…
-
My homelab infrastructure monorepo has the "nodes" nix.flake under the nodes/ subdirectory. When I try to run the agenix wrapper in this subdirectory, it dies and gives the error "error: Could not det…
-
The strategy of `Harvest Now, Decrypt Later` (https://en.wikipedia.org/wiki/Harvest_now,_decrypt_later) relies on ability to collect and store encrypted files to be decrypted in the future e.g. Quantu…
-
If I build with the `wgConf` set and without the `--impure` flag for `nixos-rebuild` I get the following error:
```
error: access to absolute path '/run/agenix/airvpn-wg' is forbidden in pure eval…
-
I have a secret configured like this:
```nix
age.secrets."sendgrid-api-key.txt" = {
file = ../../secrets/sendgrid-api-key.txt;
owner = "alertmanager";
group = "alertmanager";
…
-
At the moment we're hashing NixOS user passwords with SHA512. We could easily switch over to [yescrypt][yescrypt] which seems to be a better option or [Argon2id][argon2] which may be even better than …
-
As mentioned in #13, `rage` doesn't work for me and maybe others.
Would be great if we could get an option to use `age` instead.
-
https://github.com/ocfox/den/blob/3e33c09639fa2701e1e98a14469c1c4798631fc3/hosts/whitefox/nixpkgs.nix#L12
See: https://github.com/ryantm/agenix#builtinsreadfile-anti-pattern
> This can cause the…