Unable to use nix-sops #81
Comments
No, you should use the NixOS module, not the HM module. From the error, I have a suspicion that you didn't share your full config, because that error is a generic one from the module system that you get when you put attributes in the top-level module scope together with an explicit options or config attribute. Do you by any chance have something like this?
{
  sops = { ... };
  config = { ... };
}
In that case you'd need to move the
That being said, I didn't test sops-nix with system-manager, so I'm not sure if it works. |
Yes, I didn't upload the full config. I would upload a minimal reproduction if needed. However, there are still errors if I move the sops options into config, or even if I import only the sops NixOS module. I will upload those error messages later since they may contain some more helpful information. |
{
  imports = [ ./../../modules/system/xray.nix ];
  config = {
    nixpkgs.hostPlatform = "x86_64-linux";
    sops = {
      age.sshKeyPaths = [ "/etc/ssh/nix-sops" ];
      secrets = {
        secret = {
          sopsFile = ./secrets/secret.json;
          format = "json";
        };
      };
    };
    # other config
  };
}
After moving sops into config, I got:
|
Right, you'd need to add system-manager/nix/modules/upstream/nixpkgs/default.nix Lines 18 to 27 in 55b5f09
|
options = {
  system = lib.mkOption { type = lib.types.raw; };
  services.openssh = {
    enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
    };
  };
};
I managed to make it work after adding such options. However, the secret file couldn't be read at runtime (and there is no |
It seems that system-manager needs to handle |
A better solution would be for sops to decrypt secrets through a systemd service instead of an activation script, which is the general direction in which things are going anyway, with systemd initrd and such. |
relevant: Mic92/sops-nix#39 |
But the PR has been open for 3 years. Could we do something now? |
Describe the bug
I'm trying to use nix-sops to handle some secrets, but I can't make it.
To Reproduce
In system/minami/default.nix
nix repl --extra-experimental-features 'flakes repl-flake' flake.nix --show-trace
Expected behavior
The configuration can be built normally.
System information
latest system-manager and nix-sops
Ubuntu 22.04
Additional context
It seems that system-manager cannot use nixos modules. I'm wondering if the home-manager module can be used.