system-manager
Unable to use nix-sops
Describe the bug
I'm trying to use nix-sops
to handle some secrets, but I can't get it to work.
To Reproduce
- In flake.nix
# system-manager configurations exposed by this flake, keyed by configuration name.
systemConfigs =
let makeSystemConfig = inputs.system-manager.lib.makeSystemConfig;
in {
# "minami" combines the local module in ./system/minami with the sops-nix
# NixOS module, which provides the `sops.*` options used by that module.
# NOTE(review): nixosModules.sops is written for NixOS; whether everything it
# depends on is available under system-manager is not shown here (confirm).
"minami" = makeSystemConfig {
modules = [ ./system/minami inputs.sops-nix.nixosModules.sops ];
# Presumably forwarded to the modules as extra arguments, so they can refer
# to the flake's `inputs` (verify against makeSystemConfig in nix/lib.nix).
extraSpecialArgs = { inherit inputs; };
};
};
In system/minami/default.nix
# Module for the "minami" configuration, as submitted in this report.
# NOTE: `sops` is set at the top level while the module also has an explicit
# `config` attribute. The module system rejects that mix (this is the error
# quoted in the report): once a top-level `config` or `options` attribute is
# present, every other setting, here `sops`, has to be placed inside `config`.
{
imports = [ ./other-modules ];
sops = {
# SSH key that sops-nix uses as an age identity when decrypting secrets.
# NOTE(review): this is a private key on the target host; keep it readable by
# root only and out of the repository.
age.sshKeyPaths = [ "/etc/ssh/nix-sops" ];
secrets = {
secret = {
# A path literal is copied into the world-readable Nix store, so this must
# be the sops-encrypted file, never a plaintext copy of the secret.
sopsFile = ./secrets/secret.json;
format = "json";
};
};
};
config = {
nixpkgs.hostPlatform = "x86_64-linux";
# other config
};
}
nix repl --extra-experimental-features 'flakes repl-flake' flake.nix --show-trace
nix-repl> systemConfigs.minami
error:
… while evaluating the attribute 'minami'
at /nix/store/n2xvix786b3v8sni332pikjq3j8r3ygw-source/flake.nix:89:9:
88| makeSystemConfig { modules = [ ./system/marushiru.nix ]; };
89| "minami" = makeSystemConfig {
| ^
90| modules = [ ./system/minami inputs.sops-nix.nixosModules.sops ];
… from call site
at /nix/store/n2xvix786b3v8sni332pikjq3j8r3ygw-source/flake.nix:89:20:
88| makeSystemConfig { modules = [ ./system/marushiru.nix ]; };
89| "minami" = makeSystemConfig {
| ^
90| modules = [ ./system/minami inputs.sops-nix.nixosModules.sops ];
… while calling 'makeSystemConfig'
at /nix/store/ncibdc9d87f9ysfvjkaiqpmwxgiayl05-source/nix/lib.nix:17:5:
16| makeSystemConfig =
17| { modules
| ^
18| , extraSpecialArgs ? { }
… from call site
at /nix/store/ncibdc9d87f9ysfvjkaiqpmwxgiayl05-source/nix/lib.nix:92:5:
91| in
92| returnIfNoAssertions toplevel;
| ^
93|
… while calling 'returnIfNoAssertions'
at /nix/store/ncibdc9d87f9ysfvjkaiqpmwxgiayl05-source/nix/lib.nix:46:30:
45|
46| returnIfNoAssertions = drv:
| ^
47| let
… from call site
at /nix/store/j10523yhkcc34478azkgcl70yzcx6j2j-source/lib/modules.nix:242:28:
241| # For definitions that have an associated option
242| declaredConfig = mapAttrsRecursiveCond (v: ! isOption v) (_: v: v.value) options;
| ^
243|
… while calling 'mapAttrsRecursiveCond'
at /nix/store/j10523yhkcc34478azkgcl70yzcx6j2j-source/lib/attrsets.nix:1167:5:
1166| f:
1167| set:
| ^
1168| let
… from call site
at /nix/store/j10523yhkcc34478azkgcl70yzcx6j2j-source/lib/modules.nix:234:33:
233| ({ inherit lib options config specialArgs; } // specialArgs);
234| in mergeModules prefix (reverseList collected);
| ^
235|
… while calling 'reverseList'
at /nix/store/j10523yhkcc34478azkgcl70yzcx6j2j-source/lib/lists.nix:1068:17:
1067| */
1068| reverseList = xs:
| ^
1069| let l = length xs; in genList (n: elemAt xs (l - n - 1)) l;
… from call site
at /nix/store/j10523yhkcc34478azkgcl70yzcx6j2j-source/lib/modules.nix:229:25:
228| merged =
229| let collected = collectModules
| ^
230| class
… while calling anonymous lambda
at /nix/store/j10523yhkcc34478azkgcl70yzcx6j2j-source/lib/modules.nix:445:37:
444|
445| in modulesPath: initialModules: args:
| ^
446| filterModules modulesPath (collectStructuredModules unknownModule "" initialModules args);
… from call site
at /nix/store/j10523yhkcc34478azkgcl70yzcx6j2j-source/lib/modules.nix:446:7:
445| in modulesPath: initialModules: args:
446| filterModules modulesPath (collectStructuredModules unknownModule "" initialModules args);
| ^
447|
… while calling 'filterModules'
at /nix/store/j10523yhkcc34478azkgcl70yzcx6j2j-source/lib/modules.nix:413:36:
412| # modules recursively. It returns the final list of unique-by-key modules
413| filterModules = modulesPath: { disabled, modules }:
| ^
414| let
… while calling anonymous lambda
at /nix/store/j10523yhkcc34478azkgcl70yzcx6j2j-source/lib/modules.nix:439:31:
438| disabledKeys = concatMap ({ file, disabled }: map (moduleKey file) disabled) disabled;
439| keyFilter = filter (attrs: ! elem attrs.key disabledKeys);
| ^
440| in map (attrs: attrs.module) (builtins.genericClosure {
… from call site
at /nix/store/j10523yhkcc34478azkgcl70yzcx6j2j-source/lib/modules.nix:400:22:
399| let
400| module = checkModule (loadModule args parentFile "${parentKey}:anon-${toString n}" x);
| ^
401| collectedImports = collectStructuredModules module._file module.key module.imports args;
… while calling anonymous lambda
at /nix/store/j10523yhkcc34478azkgcl70yzcx6j2j-source/lib/modules.nix:365:11:
364| else
365| m: m;
| ^
366|
… from call site
at /nix/store/j10523yhkcc34478azkgcl70yzcx6j2j-source/lib/modules.nix:400:35:
399| let
400| module = checkModule (loadModule args parentFile "${parentKey}:anon-${toString n}" x);
| ^
401| collectedImports = collectStructuredModules module._file module.key module.imports args;
… while calling 'loadModule'
at /nix/store/j10523yhkcc34478azkgcl70yzcx6j2j-source/lib/modules.nix:336:53:
335| # Like unifyModuleSyntax, but also imports paths and calls functions if necessary
336| loadModule = args: fallbackFile: fallbackKey: m:
| ^
337| if isFunction m then
… from call site
at /nix/store/j10523yhkcc34478azkgcl70yzcx6j2j-source/lib/modules.nix:354:14:
353| throw "Module imports can't be nested lists. Perhaps you meant to remove one level of lists? Definitions: ${showDefs defs}"
354| else unifyModuleSyntax (toString m) (toString m) (applyModuleArgsIfFunction (toString m) (import m) args);
| ^
355|
… while calling 'unifyModuleSyntax'
at /nix/store/j10523yhkcc34478azkgcl70yzcx6j2j-source/lib/modules.nix:454:34:
453| of ‘options’, ‘config’ and ‘imports’ attributes. */
454| unifyModuleSyntax = file: key: m:
| ^
455| let
error: Module `/nix/store/n2xvix786b3v8sni332pikjq3j8r3ygw-source/system/minami' has an unsupported attribute `sops'. This is caused by introducing a top-level `config' or `options' attribute. Add configuration attributes immediately on the top level instead, or move all of them (namely: sops) into the explicit `config' attribute.
Expected behavior
The configuration can be built normally.
System information
latest system-manager and nix-sops
Ubuntu 22.04
Additional context
It seems that system-manager cannot use NixOS modules. I'm wondering whether the home-manager module can be used instead.