Open supermarin opened 8 months ago
Tried rebuilding without any references to age.secrets.secret1
and rebuilding with symlink = false;
afterwards, got the same error.
I'm on nixos-unstable btw and using flakes. Tried with and without inputs.agenix.inputs.nixpkgs.follows = "nixpkgs";
in flake.nix so it seems broken both with my nixpkgs and the ones referenced in github:ryantm/agenix.
I am encountering the same error.
I was previously setting a custom decryption path for my non-symlinked secret through age.secrets.<name>.path
, and everything worked fine. Then, I decided to keep the secret under the default agenix directory (still not symlinked, as I need direct access to the decrypted file), so I removed the path
specification. After doing that, I encountered the same error that you did.
Looking at how agenix manages to keep stable references to changing generations, it seems like it is mandatory to specify a path
outside of secretsDir
for non-symlinked secrets (${secretsDir}
is symlinked to ${secretsMountPoint}/<#generation>
).
Having an existing
age.secrets.secret1.file = ./foo
, and addingage.secrets.secret1.symlink = false;
in your configuration.nix causes the following error when runningnixos-rebuild switch
: