Cole Helbling

Understood; however, `meta.nixpkgs` is required even when `meta.nodeNixpkgs` is specified. I've got a very ugly, WIP patch that does exactly what I want. I'll submit a PR soon to show...

I've opened https://github.com/zhaofengli/colmena/pull/56 with the smallest diff necessary for this functionality (minus removing `meta.nodeNixpkgs`).

One workaround I just found is setting `meta.nixpkgs` to be a set that only contains `lib`, e.g.: ```nix { meta = { nixpkgs = { lib = inputs.nixpkgs.lib; }; };...

We should be sure to cut a release before and after this merges, though.

Yeah, that sounds like a good change to make -- thanks for catching that!

FWIW, I've added support for reading *initial contents* from stdin in https://github.com/cole-h/agenix-cli/commit/124ddbd7b93fe02e59dec622f8085d41217c71b5. `cat /dev/urandom | head -c 128 | agenix [filename] -s` will create `[filename]` with the data read from...

Would failing prevent further decryption from taking place (e.g. on different files), or would it just set the error code for the script so that NixOS knows there was an...

A pleasure to do my part! We have now doubled the bus factor of this neat little project :)

Would a `[groups]` table work for you? Something like: ```toml [identities] admin1 = "ssh-ed25519 ...." admin2 = "ssh-ed25519 ...." [groups] machine1Admins = [ "admin1", "admin2" ] [[paths]] glob = "monit"...

> Is your concern with the `secrets.nix` approach that you have to list every secret? That's one thing I didn't like about `secrets.nix` for sure. The other thing I didn't...