ryantm / agenix

age-encrypted secrets for NixOS and Home manager
https://matrix.to/#/#agenix:nixos.org
Creative Commons Zero v1.0 Universal

[BUG] Agenix not creating secrets #247

Open xqtc161 opened 7 months ago

xqtc161 commented 7 months ago

I added agenix as a home-manager module to my flake-based NixOS configuration.

`sudo nixos-rebuild switch` builds with no errors. Yet there are no secrets in `/run/users/1000/`. Not even the `agenix` folder exists, just `agenix.d`. I use a config similar to that of a friend of mine, and everything works for him.

krad246 commented 6 months ago

Same issue here; I can't seem to get the directories to pop up, and home manager activation fails outright.

VTimofeenko commented 6 months ago

The `/run/users/1000/agenix` gets mounted if and only if there are secrets (logic is in this block) with the actual mounting code here.

Sample flake with agenix imported in home-manager

This flake exposes a test VM that can be run as `nix run .\#checks.x86_64-linux.test.driverInteractive`.

```nix
{
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
    agenix.url = "github:ryantm/agenix";
  };

  outputs =
    inputs@{ self, nixpkgs, ... }:
    let
      system = "x86_64-linux";
      pkgs = import nixpkgs { inherit system; };
      inherit (pkgs) lib;
    in
    {
      checks.${system}.test = pkgs.testers.runNixOSTest {
        name = "foo";
        nodes.machine1 =
          { config, pkgs, ... }:
          {
            services.getty.autologinUser = "alice";
            imports = [ inputs.home-manager.nixosModules.home-manager ];
            users.users.alice = {
              isNormalUser = true;
              password = "hunter2";
            };
            home-manager.users.alice =
              { config, ... }: # config is home-manager's config, not the OS one
              {
                imports = [ inputs.agenix.homeManagerModules.default ];
                home.stateVersion = "24.05";
                home.file.".ssh/id_ed25519".source = ./id_ed25519; # Don't do this to a real key, it's world-readable in store. For test VM it's OK.
                home.file.".ssh/id_ed25519.pub".source = ./id_ed25519.pub;
                programs.ssh = {
                  enable = true;
                  includes = [
                    (lib.removePrefix ".ssh/" config.age.secrets.ssh-config.path) # This makes the include relative
                  ];
                };
                age.secrets.ssh-config.file = ./ssh-config.age;
                age.secrets.ssh-config.path = ".ssh/includes/ssh-config-agenix";
              };
          };
        testScript = "start_all()";
      };
    };
}
```