ryantm / agenix

age-encrypted secrets for NixOS and Home manager
https://matrix.to/#/#agenix:nixos.org
Creative Commons Zero v1.0 Universal

nixos-install cannot find identities #235

Open RSWilli opened 9 months ago

RSWilli commented 9 months ago

I'm new to NixOS and I'm installing a second system from a flake.

I'm using the NixOS ISO file to install a new system. I have identities on a separate LUKS-encrypted USB drive plugged into the system. I configured agenix in the following way:

age.identityPaths = [
    "/etc/ssh/ssh_host_ed25519_key"
    "/etc/ssh/ssh_host_rsa_key"
    "/run/media/nixos/installer-keys/install_key" # only on live ISO
];

The secrets are also keyed against the "install_key.pub".

And I run sudo nixos-install --flake .#main to install the system. After all the nix build logs, agenix logs:

[agenix] WARNING: config.age.identityPaths entry /run/media/nixos/installer-keys/install_key not present!

Does the nixos-install command create some kind of chroot so it doesn't have access to the USB drive? Or am I doing something else wrong?

ThChatz commented 2 months ago

Same here. I tried putting the id_rsa + id_rsa.pub in ~root and ~nixos during installation, both in / and /mnt, but it can never find the recipient.

ThChatz commented 2 months ago

OK, after some hours of figuring it out: nixos-install chroots into the /mnt, so the key should be under /mnt. Default locations of keys do not work; you need to explicitly set age.identityPaths.
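
A preflight check for the behaviour described in the last comment, as an added example that is not part of the thread or of agenix: it tests each age.identityPaths entry relative to the install root (assumed here to be /mnt) instead of the live system, and re-roots absolute symlinks the way the chroot would. The function names resolve_in_root and check_identities are hypothetical, and only a symlink in the final path component is followed.

```shell
#!/bin/sh
# Added example, not agenix code. Usage (install root assumed to be /mnt):
#   check_identities /mnt /etc/ssh/ssh_host_ed25519_key \
#       /run/media/nixos/installer-keys/install_key

# resolve_in_root ROOT PATH
# Print the host-side location that PATH (absolute, as written in
# age.identityPaths) refers to once ROOT has become "/". An absolute symlink
# target is re-rooted under ROOT, because that is where it points from inside
# the chroot. Symlinked parent directories are not handled.
resolve_in_root() {
    root=${1%/} path=$2 hops=0
    while [ -L "$root$path" ] && [ "$hops" -lt 16 ]; do
        link=$(readlink "$root$path")
        case $link in
            /*) path=$link ;;                      # absolute: stays inside ROOT
            *)  path=$(dirname "$path")/$link ;;   # relative: next to the link
        esac
        hops=$((hops + 1))
    done
    printf '%s\n' "$root$path"
}

# check_identities ROOT PATH...
# Print "present PATH" or "missing PATH" for each entry. Return 0 only if at
# least one identity file is reachable from inside ROOT.
check_identities() {
    ci_root=$1; shift
    ci_status=1
    for ci_path in "$@"; do
        ci_host=$(resolve_in_root "$ci_root" "$ci_path")
        if [ -f "$ci_host" ]; then
            echo "present $ci_path"
            ci_status=0
        else
            echo "missing $ci_path"
        fi
    done
    return "$ci_status"
}
```

A key that exists only on the live system, or is reached through an absolute symlink pointing outside the install root, is reported as missing even though a plain file test from the live system would succeed.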