The key in age.identityPaths should be id_ed25519_agenix

dustinlyons / nixos-config

General purpose Nix configuration for macOS / NixOS with starter templates + step-by-step guides ✨

BSD 3-Clause "New" or "Revised" License

1.79k stars 113 forks source link

The key in age.identityPaths should be id_ed25519_agenix #122

Closed mrdylanyin closed 2 weeks ago

mrdylanyin commented 2 weeks ago

Based on my understanding, id_ed25519 should be responsible for cloning the nix-secrets repository from GitHub, while id_ed25519_agenix is responsible for encrypting and decrypting the keys. So, in modules/darwin/secrets.nix

identityPaths = [
"/Users/${user}/.ssh/id_ed25519"
];

Should it be id_ed25519_agenix, or did I misunderstand something?

dustinlyons commented 2 weeks ago

Sorry, I probably didn't do the best of documenting this.

We rename id_ed25519_agenix to id_ed25519 as part of install. The id_ed25519 used at installation is thrown away, as it's just used to bootstrap nix-secrets.