
agenix does not daemon-reload when changes to the service are made

Open Eviepayne opened this issue 5 months ago • 0 comments

I encountered an issue where agenix-home-manager-mount-secrets would not run.

I did 2 things to update my secrets. I'm doing sort of recursive secrets deployment via bootstrap and configuring ephemeral secrets at runtime. (My SSH key is encrypted and only available while I'm logged in, decrypted by an age key I pull from a secrets vault - vaultwarden.)

I removed the SSH key from its typical location, added it to agenix and did a switch.

issue 1

Removed the SSH key which was previously being used to mount secrets. This caused agenix not to be able to find this secret, but it SHOULD have still found the age.key file to decrypt.

issue 2

agenix-home-manager-mount-secrets not in systemd-daemon. Despite the systemd user service being updated, the daemon was not, so it was still using the old config. This meant that it was not looking for the age.key, and because I removed id_ed25519 it was failing to run.

resolution:

I had to systemctl daemon-reload --user. It would be a good idea for the agenix activation to daemon-reload in the home-manager module.

Eviepayne, Aug 31 '24 17:08
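
Added example, not part of the issue or the agenix project's code: a shell check for the condition reported above, where the systemd user manager still holds an old unit definition after a switch. It reads the unit's NeedDaemonReload property and reloads only when systemd reports the loaded unit as out of date; the unit name you pass in and the restart afterwards are assumptions.

```shell
# Added example: detect and clear a stale unit definition in the systemd
# user manager. The unit name is an assumption: pass the name of the user
# service that your agenix home-manager module installs.

# Return 0 when the unit file on disk is newer than the copy the user
# manager has loaded, 1 when it is current, 2 when the query itself fails.
unit_is_stale() {
    local unit="$1" state
    state="$(systemctl --user show --property=NeedDaemonReload --value "$unit")" || return 2
    [ "$state" = "yes" ]
}

# Reload the user manager only when needed, then restart the unit so the
# next run uses the new definition (for example a changed identity path).
# Prints "reloaded" or "current" so callers can log what happened.
refresh_user_unit() {
    local unit="$1"
    if unit_is_stale "$unit"; then
        systemctl --user daemon-reload || return 1
        echo "reloaded"
    else
        echo "current"
    fi
    systemctl --user restart "$unit"
}
```

Call it as `refresh_user_unit <unit>.service` from the login session after a switch; a "reloaded" result means the manager had been running the old definition.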