Hi, I am running sops-nix on nix-darwin, with home-manager as a nix-darwin module, using flakes.

Whenever I set the `path =` option on a secret to create a symlink, I am getting an error. For example, I set the following options on one secret:

Then when I run `darwin-rebuild switch` I get the following error on activation:

```
Setting up secrets...
sops-install-secrets: Imported /etc/ssh/ssh_host_ed25519_key as age key
with fingerprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
/nix/store/rrlk1kncx6mvzaqb8fz5fnqpfcbpma3p-sops-install-secrets-0.0.1/bin/sops-install-secrets:
failed to prepare symlinks to secret store: failed to symlink secret '/Users/timotheos/.config/sops/age/github_token':
cannot chown symlink '/Users/timotheos/.config/sops/age/github_token':
failed to open /Users/timotheos/.config/sops/age/github_token: too many levels of symbolic links
```

My home-manager sops config then doesn't get activated.

However, inspecting the symlink directory shows that the symlink has indeed been created.

```
ls -al ~/.config/sops/age
total 4
drwxr-xr-x 5 timotheos staff 160 Jan 1 17:57 .
drwxr-xr-x 3 timotheos staff 96 Dec 30 14:46 ..
lrwxr-xr-x 1 root staff 25 Jan 1 17:57 github_token -> /run/secrets/github_token
-rw------- 1 timotheos staff 189 Dec 30 14:48 keys.bak
lrwxr-xr-x 1 root staff 27 Jan 1 17:38 keys.txt -> /run/secrets/encryption_key
```

And the actual file:

```
sudo ls -al /run/secrets/
total 12
drwxr-x--x 2 root wheel 170 Jan 1 17:35 .
drwxr-xr-x 4 root wheel 272 Jan 1 17:57 ..
-r-------- 1 timotheos staff 149 Jan 1 17:35 cachix_auth_token
-rw-r--r-- 1 timotheos staff 189 Jan 1 17:35 encryption_key
-r-------- 1 timotheos staff 40 Jan 1 17:35 github_token
```

(Running `darwin-rebuild switch` a second time brings no change.)

However, if I change the sops-nix config to NOT change the user, then I can use `path =` without error:

Resulting in:

```
Setting up secrets...
sops-install-secrets: Imported /etc/ssh/ssh_host_ed25519_key as age key
with fingerprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Setting up secrets for users
sops-install-secrets: Imported /etc/ssh/ssh_host_ed25519_key as age key
with fingerprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```

So in other words, it looks like the `owner =` and the `path =` options are mutually exclusive. I can only use one of them at a time.

If anyone can help to diagnose the problem here, I would really appreciate it. Happy to provide further information if needed.