User secrets not being symlinked to /run/secrets-for-users #627

Open
wesleyjrz opened this issue Sep 29, 2024 · 0 comments

I'm trying to set a user password using sops.secrets.<secret>.neededForUsers = true; and hashedPasswordFile = config.sops.secrets.<secret>.path.

When I try to rebuild my system I get the following error:

nixos-rebuild dry-activate --flake .#$(hostname) --use-remote-sudo --show-trace --verbose
building the system configuration...
Building in flake mode.
$ nix --extra-experimental-features nix-command flakes build .#nixosConfigurations."leviathan".config.system.build.toplevel --show-trace --verbose --out-link /tmp/nix-shell.Mb8Ok8/nixos-rebuild.FSAJNr/result
$ sudo systemd-run -E LOCALE_ARCHIVE -E NIXOS_INSTALL_BOOTLOADER= --collect --no-ask-password --pipe --quiet --same-dir --service-type=exec --unit=nixos-rebuild-switch-to-configuration --wait true
Using systemd-run to switch configuration.
$ sudo systemd-run -E LOCALE_ARCHIVE -E NIXOS_INSTALL_BOOTLOADER= --collect --no-ask-password --pipe --quiet --same-dir --service-type=exec --unit=nixos-rebuild-switch-to-configuration --wait /nix/store/yjhqvqd9xcyr31y8g95gdj2ppmx4hb5z-nixos-system-leviathan-24.05.20240918.dbebdd6/bin/switch-to-configuration dry-activate
would activate the configuration...
sops-install-secrets: Imported /etc/ssh/ssh_host_rsa_key as GPG key with fingerprint 2551d89670064b558012e9f5b47d2071a9563af4
sops-install-secrets: Imported /etc/ssh/ssh_host_ed25519_key as age key with fingerprint age19sen90jpf6t8u8yjd53jgrvrxu7metjjc2dw4fsuds2zugqyxvxs9c5eql
warning: password file ‘/run/secrets-for-users/leviathan-password’ does not exist
sops-install-secrets: Imported /etc/ssh/ssh_host_rsa_key as GPG key with fingerprint 2551d89670064b558012e9f5b47d2071a9563af4
sops-install-secrets: Imported /etc/ssh/ssh_host_ed25519_key as age key with fingerprint age19sen90jpf6t8u8yjd53jgrvrxu7metjjc2dw4fsuds2zugqyxvxs9c5eql
would restart the following units: home-manager-wesleyjrz.service

The secrets are being stored inside /run/secrets-for-users.d, though. I tried using the absolute path for the secrets instead of config.sops.secrets.<secret>.path, but it doesn't work; I can't log in to the system anymore.

I've tried using the same plain hashed password with hashedPassword and it's working.
