-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conflicts with Perlless Activation #475
Comments
What systemd target can I use instead for sops now? @nikstur |
You could just order before EDIT: sysupdate -> sysusers |
I think I mostly care about multi-user.target style services. |
Then ordering before |
Looks like we cannot use sysusers with sops-nix secrets. i.e. it requires hashedPasswordFile at build time.
|
with mutableUsers enabled this works at least: #484 |
What about a solution without mutableUsers? I don't have mutable users enabled personally. Is there any realistic solution? |
No. This is a limitation of the implementation of sysusers works in NixOS and not sops-nix. It wants to open secrets at build time rather activation time. |
When using sops-nix's templating, it seems even with mutableUsers enabled, the same error comes up again MWE{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
sops-nix = {
url = "github:mic92/sops-nix";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs";
};
};
};
outputs =
{
self,
nixpkgs,
sops-nix,
}:
{
nixosConfigurations.test = nixpkgs.lib.nixosSystem {
modules = [
(
{ config, modulesPath, ... }:
{
imports = [
"${modulesPath}/profiles/minimal.nix"
sops-nix.nixosModules.sops
];
boot = {
initrd.systemd.enable = true;
loader.systemd-boot.enable = true;
};
fileSystems."/".device = "PLACEHOLDER";
nixpkgs.hostPlatform = "x86_64-linux";
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets.secret1 = {
format = "binary";
sopsFile = self + /secrets/test.bin;
};
templates.secret1.content = ''
TEST
${config.sops.placeholder.secret1}
TEST
'';
};
system = {
etc.overlay.enable = true;
stateVersion = "24.05";
};
systemd.sysusers.enable = true;
}
)
];
};
};
} Error
|
Reproduce
systemd.sysusers.enable = true;
the error in question:
The text was updated successfully, but these errors were encountered: