Mr Horseman

I cannot get sops-nix to import my secrets properly

I'm using sops-nix in my configuration, and I want to import some secrets to use with Syncthing, but I cannot get it to work.

  # sops-nix settings: the encrypted file to read, the private keys allowed to
  # decrypt it, and the secrets to make available to the user "horseman".
  sops = {
    defaultSopsFile = ../../secrets/secrets.yaml;
    defaultSopsFormat = "yaml";
    age = {
      # SSH ed25519 private keys listed here are used as age identities.
      # NOTE(review): this is a personal key under /home, not a host key. It has
      # to be readable when secrets are decrypted during system activation, so
      # confirm /home is mounted at that point and the key has no passphrase.
      sshKeyPaths = [ "/home/horseman/.ssh/id_ed25519" ];
      keyFile = "/home/horseman/.config/sops/age/keys.txt";
      # NOTE(review): a key created by generateKey is brand new, so it can only
      # decrypt secrets.yaml once its public key has been added as a recipient
      # and the file has been re-encrypted.
      generateKey = true;
    };

    # Each quoted name is the key path inside secrets.yaml (the error output
    # below shows key = "syncthing/terra"); `owner` sets the user that owns the
    # decrypted file, and the error output shows the mode as "0400".
    # config.sops.secrets.<name> is the declaration itself (format, group, key,
    # mode, ...), never the plaintext. The decrypted value only exists as a file
    # at runtime, located at config.sops.secrets.<name>.path.
    secrets = {
      "syncthing/luna".owner = "horseman";
      "syncthing/terra".owner = "horseman";
      # "syncthing/solis" is declared but not referenced in the snippet shown.
      "syncthing/solis".owner = "horseman";
      "syncthing/gui_user".owner = "horseman";
      "syncthing/gui_password".owner = "horseman";

    };
  };

  # Declarative Syncthing setup for the user "horseman": two peer devices, two
  # shared folders and GUI credentials, all taken from sops-nix declarations.
  services.syncthing = {
    enable = true;
    user = "horseman";
    dataDir = "/home/horseman";
    # NOTE(review): Syncthing keeps its device certificate and private key in
    # its config directory; this path looks like it sits inside a configuration
    # repository, so confirm the directory is excluded from version control.
    configDir = "/home/horseman/nix-config/config/syncthing";
    overrideDevices = true;
    overrideFolders = true;
    settings = {
      devices = {
        # These assign the whole secret declaration (an attribute set) to `id`,
        # which is what the "not of type `string'" error reports.
        # sops-nix does not expose plaintext during evaluation: evaluated values
        # land in the world-readable /nix/store, so only the runtime file path
        # (`.path`) is available, and a path is not a device ID.
        # NOTE(review): Syncthing's documentation describes device IDs as not
        # sensitive, so literal strings are the usual choice here.
        "luna" = { id = config.sops.secrets."syncthing/luna"; };
        "terra" = { id = config.sops.secrets."syncthing/terra"; };
      };
      folders = {
        "Documents" = {
          path = "/home/horseman/Documents";
          devices = [ "terra" "luna" ];
        };
        "Programming" = {
          path = "/home/horseman/Programming";
          devices = [ "terra" "luna" ];
        };
      };
      gui = {
        # Same mismatch as the device IDs: both values are attribute sets.
        # NOTE(review): a literal password written here would presumably end up
        # in generated configuration inside the world-readable Nix store. Prefer
        # a file-based mechanism fed from
        # config.sops.secrets."syncthing/gui_password".path, and check what the
        # Syncthing module in your nixpkgs version offers for that.
        user = config.sops.secrets."syncthing/gui_user";
        password = config.sops.secrets."syncthing/gui_password";
      };
    };
  };

When I run sudo nixos-rebuild switch:

error: A definition for option `services.syncthing.settings.devices.terra.id' is not of type `string'. Definition values:
       - In `/nix/store/z1w6lbli6y1yj0vhwvm0gq13ganifflz-source/machines/common/configuration.nix':
           {
             format = "yaml";
             group = "users";
             key = "syncthing/terra";
             mode = "0400";

This suggests that the secrets aren't imported as strings but rather as the secret object. I want to get the raw secret string that's in secrets.yaml. How? I've looked in the documentation here, but cannot find it.
