ryantm / agenix

age-encrypted secrets for NixOS and Home manager
https://matrix.to/#/#agenix:nixos.org
Creative Commons Zero v1.0 Universal

error: executing '/nix/store/.../bin/bash': Argument list too long #227

Open catwith1hat opened 6 months ago

catwith1hat commented 6 months ago

Agenix seems to be limited to around 60 secrets and if you try to add more, the process building your host derivation will die with Argument list too long.

    [foo:rebuild] building '/nix/store/2shq4mwinwqsc30469mzjg94v17ync8h-nixos-system-foo-23.11.20231207.64cd15e.drv'...
    [foo:rebuild] error: builder for '/nix/store/2shq4mwinwqsc30469mzjg94v17ync8h-nixos-system-foo-23.11.20231207.64cd15e.drv' failed with exit code 1;
    [foo:rebuild]        last 1 log lines:
    [foo:rebuild]        > error: executing '/nix/store/q1c2flcykgr4wwg5a6h450hxbk4ch589-bash-5.2-p15/bin/bash': Argument list too long
    [foo:rebuild]        For full logs, run 'nix log /nix/store/2shq4mwinwqsc30469mzjg94v17ync8h-nixos-system-foo-23.11.20231207.64cd15e.drv'.
    task: Failed to run task "foo:rebuild": exit status 1
    task: Failed to run task "foo:rebuild": exit status 1

Inspecting /nix/store/2shq4mwinwqsc30469mzjg94v17ync8h-nixos-system-foo-23.11.20231207.64cd15e.drv shows a very repetitive action snippet which I traced back to installSecret inside age.nix. This installSecret snippet isn't that long but gets replicated for every secret here via:

    ++ (map installSecret (builtins.attrValues cfg.secrets))

I would suggest that installSecret becomes a bash function and then we just call this bash function instead of replicating the installSecret template over and over again. I will open a PR to illustrate this idea.
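
An added example, not part of the issue thread or of agenix's code: a POSIX shell script that generates both shapes of activation script discussed above (snippet inlined per secret versus one function plus short calls) and compares their byte sizes. The `TEMPLATE` body, the paths, the `install_secret` name and the `secretNNNN` names are constructed stand-ins, and the 128 KiB figure assumes the error comes from Linux's per-string exec limit.

```shell
# Added example: TEMPLATE, the paths and the secretNNNN names are constructed
# stand-ins, not agenix's real installSecret body.
# Assumption: the limit being hit is Linux's per-string exec limit of 32 pages
# (128 KiB with 4 KiB pages), reported as "Argument list too long".
LIMIT=131072

TEMPLATE='echo "[example] decrypting @NAME@"
mkdir -p "$(dirname "/run/example.d/@NAME@")"
cp "/etc/example-secrets/@NAME@.age" "/run/example.d/@NAME@.tmp"
chmod 0400 "/run/example.d/@NAME@.tmp"
mv -f "/run/example.d/@NAME@.tmp" "/run/example.d/@NAME@"'

# Print TEMPLATE with every @NAME@ replaced by $1.
render() { printf '%s\n' "$TEMPLATE" | sed "s|@NAME@|$1|g"; }

# Current shape: one full copy of the snippet per secret.
inlined_script() {
  i=1
  while [ "$i" -le "$1" ]; do
    render "$(printf 'secret%04d' "$i")"
    i=$((i + 1))
  done
}

# Proposed shape: the snippet once as a function, then one short call each.
function_script() {
  printf 'install_secret() {\n'
  render '$1'   # literal $1: the generated function's own parameter
  printf '}\n'
  i=1
  while [ "$i" -le "$1" ]; do
    printf 'install_secret secret%04d\n' "$i"
    i=$((i + 1))
  done
}

# Byte size of the script printed by the command in "$@".
script_size() { "$@" | wc -c | tr -d ' '; }

# Estimated secret count that fits under LIMIT (growth is linear because all
# generated names have the same width).
max_secrets() {
  base=$(script_size "$1" 0)
  per=$(( $(script_size "$1" 1) - base ))
  echo $(( (LIMIT - base) / per ))
}

for n in 10 60 120; do
  echo "$n secrets: inlined $(script_size inlined_script "$n") B, function $(script_size function_script "$n") B"
done
echo "ceiling estimate: inlined $(max_secrets inlined_script), function $(max_secrets function_script) secrets"
```

The absolute numbers depend on the real snippet's length; what carries over is that the inlined form grows by one full snippet per secret while the function form grows by one call line.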

catwith1hat commented 3 months ago

Ping?