ryantm / agenix

age-encrypted secrets for NixOS and Home manager
https://matrix.to/#/#agenix:nixos.org
Creative Commons Zero v1.0 Universal

Reading from a file #253

Open ashuramaruzxc opened 3 months ago

ashuramaruzxc commented 3 months ago

I have a folding@home service that requires a string to pass to the args; however, since both builtins.readFile and lib.fileContents are impure because the .path is an absolute path, I cannot read it. What best practice should I use in this case?

services.foldingathome = {
  enable = true;
  user = "x";
  team = 1;
  daemonNiceLevel = -9;
  extraArgs = [
    "--cause=alzheimers"
    "--beta=false"
    "--passkey ${lib.fileContents config.age.secrets.passkey.path}"
    "--account-token ${lib.fileContents config.age.secrets.token.path}"
  ];
};

jcszymansk commented 2 weeks ago

I thought ''--passkey "$(cat ${config.age.secrets.passkey.path})"'', but I see that it would be escaped by escapeShellArgs, so it seems you have to write your own script to generate config.xml using the secrets, and add it to the system activation before fahclient is started. Or, perhaps, modify the nixos module and use it instead of the original.
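
The script approach described in the comment above, as an added example that is not part of the thread or of agenix: it takes the secret file paths rather than their contents and writes config.xml at service start, so the values never enter the Nix store or the client's command line. Assumptions: the element names `passkey` and `account-token` mirror the flags in the question, the `v='...'` attribute form is what the client reads, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: render a Folding@home config.xml from agenix-decrypted files.
# Assumed config format: <passkey v='...'/> and <account-token v='...'/>.

# Escape XML metacharacters so a secret cannot break out of the attribute.
xml_escape() {
  sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
      -e "s/'/\&apos;/g" -e 's/"/\&quot;/g'
}

# read_secret FILE: print the first line of FILE, XML-escaped.
# Fails if the file is unreadable or empty (e.g. agenix has not decrypted it yet).
read_secret() {
  [ -r "$1" ] || { echo "secret not readable: $1" >&2; return 1; }
  value=$(head -n 1 "$1" | tr -d '\r' | xml_escape)
  [ -n "$value" ] || { echo "secret is empty: $1" >&2; return 1; }
  printf '%s' "$value"
}

# render_fah_config PASSKEY_FILE TOKEN_FILE OUT_FILE
render_fah_config() {
  passkey=$(read_secret "$1") || return 1
  token=$(read_secret "$2") || return 1
  out=$3
  (
    umask 077                                  # config.xml ends up 0600
    tmp=$(mktemp "$out.XXXXXX") || exit 1
    # printf is a shell builtin, so the values do not show up in process arguments.
    printf "<config>\n  <passkey v='%s'/>\n  <account-token v='%s'/>\n</config>\n" \
      "$passkey" "$token" > "$tmp" \
      && mv -f "$tmp" "$out" \
      || { rm -f "$tmp"; exit 1; }             # never leave a partial file behind
  )
}

# Stand-alone use: render-fah-config PASSKEY_FILE TOKEN_FILE OUT_FILE
if [ "$#" -eq 3 ]; then
  render_fah_config "$@"
fi
```

Run it as a pre-start step of the service with `config.age.secrets.passkey.path` and `config.age.secrets.token.path` as arguments; those evaluate to plain path strings, so nothing secret is interpolated at build time. The user the step runs as must be able to read the decrypted files.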

jcszymansk commented 2 weeks ago

You could also use this.