agenix: command not found #275

Open
papanito opened this issue Jul 23, 2024 · 8 comments

@papanito

I have been successfully using agenix since I set up my machine. Today I wanted to add a new secret, but I get:

agenix: command not found

This is my config in my flake.nix:

{
  inputs = {
    agenix.url = "github:ryantm/agenix";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
    disko.url = "github:nix-community/disko";
    pentesting = {
      url = "/home/papanito/Workspaces/papanito/nix-pentesting";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, disko, pentesting, ... }@inputs:
    let
      # System types to support.
      supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];

      # Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
      forAllSystems = nixpkgs.lib.genAttrs supportedSystems;

      # Nixpkgs instantiated for supported system types.
      nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; overlays = [ self.overlay ]; });

      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};
    in
    {
    pkgs = forAllSystems (system:
      let pkgs = nixpkgs.legacyPackages.${system};
      in { inherit pkgs; }
    );

    nixosConfigurations = {
      clawfinger = nixpkgs.lib.nixosSystem {
        specialArgs = { inherit inputs; };
        inherit system;
        modules = [
          ./configuration.nix
          ./hosts/clawfinger # Include the results of the hardware scan.
          ./users.nix
          inputs.agenix.nixosModules.default
          inputs.pentesting.nixosModules.default
        ];
      };
...
@n8henrie
Collaborator

Did you forget to put agenix in your systemPackages? It looks like you added the nix module, but you still have to ask nix to include the binary in your system path (or run it as nix run github:ryantm/agenix -- --help).

@papanito
Author

Good hint, thanks. I added

 environment.systemPackages = [ agenix.packages.${system}.default ];

Did nix flake update and sudo nixos-rebuild --flake '.#' switch, but still the same error.

@n8henrie
Collaborator

Did the nixos-rebuild succeed, and then you got the error when trying to run e.g. agenix --help? Did I understand that correctly?

@papanito
Author

papanito commented Jul 23, 2024

> Did the nixos-rebuild succeed,

Yes

...
activating the configuration...
[agenix] creating new generation in /run/agenix.d/4
[agenix] decrypting secrets...
decrypting '/nix/store/1q8m20ammy8lympxfn67i0xyyhmmg1d6-restic_b2_credentials.age' to '/run/agenix.d/4/restic_b2_credentials'...
decrypting '/nix/store/s5wkwzb1h5lh6qyg6fas1fx0mg2253bv-restic_password.age' to '/run/agenix.d/4/restic_password'...
[agenix] symlinking new secrets to /run/agenix (generation 4)...
[agenix] removing old secrets (generation 3)...
[agenix] chowning...
setting up /etc...
reloading user units for papanito...
restarting sysinit-reactivation.target
the following new units were started: libvirtd.service

> and then you got the error when trying to run e.g. agenix --help? Did I understand that correctly?

Yes

@n8henrie
Collaborator

That's odd. I've historically used the overlay, which has worked to pull agenix into pkgs, but I just switched to your method above and it works fine.

If I comment out agenix.packages.${system}.default, I have no agenix binary. If I uncomment it, the binary appears as expected.

@n8henrie
Collaborator

Can you re-post your full config, including the systemPackages bit?

@papanito
Author

papanito commented Aug 1, 2024

My full config can be found here: https://github.com/papanito/nixos-configuration

@n8henrie
Collaborator

Sorry, I'm unable to replicate.

The reference to agenix only appears in your hetzner-cloud configuration. After removing the pentesting input (since I don't have access to this) and commenting out nerdfonts (currently broken), I'm able to build your configuration, and agenix appears as expected and seems to work.

$ nix build .#nixosConfigurations.hetzner-cloud.config.system.build.toplevel
warning: input 'pentesting' has an override for a non-existent input 'nixpkgs'
$ ls result/sw/bin/agenix
result/sw/bin/agenix
$ result/sw/bin/agenix --version
agenix - edit and rekey age secret files

agenix -e FILE [-i PRIVATE_KEY]
agenix -r [-i PRIVATE_KEY]

options:
-h, --help                show help
-e, --edit FILE           edits FILE using $EDITOR
-r, --rekey               re-encrypts all secrets with specified recipients
-d, --decrypt FILE        decrypts FILE to STDOUT
-i, --identity            identity to use when decrypting
-v, --verbose             verbose output

FILE an age-encrypted file

PRIVATE_KEY a path to a private SSH key used to decrypt file

EDITOR environment variable of editor to use when editing FILE

If STDIN is not interactive, EDITOR will be set to "cp /dev/stdin"

RULES environment variable with path to Nix file specifying recipient public keys.
Defaults to './secrets.nix'

agenix version: 0.15.0
age binary path: /nix/store/xh816kyaib2qva6mfcrlpx9q96lfn8yi-age-1.1.1/bin/age
age version: 1.1.1
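
Added example, not part of the thread and not the agenix project's or the reporter's own code: a flake layout in which every host gets both the agenix NixOS module (which decrypts secrets at activation) and the agenix CLI package, so the binary cannot end up in only one host's configuration. The names `agenixCommon` and `mkHost` and the path `./hosts/hetzner-cloud` are hypothetical; the inputs and `./hosts/clawfinger` are taken from the flake posted above.

```nix
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
    agenix.url = "github:ryantm/agenix";
  };

  # `agenix` is named in the output arguments so it can be referenced directly.
  outputs = { self, nixpkgs, agenix, ... }@inputs:
    let
      system = "x86_64-linux";

      # Hypothetical shared module, applied to every host.
      agenixCommon = { pkgs, ... }: {
        # Module: decrypts the .age secrets into /run/agenix during activation.
        imports = [ agenix.nixosModules.default ];

        # Package: puts the `agenix` CLI (edit / rekey) on the system PATH.
        # The module alone does not install it.
        environment.systemPackages = [
          agenix.packages.${pkgs.stdenv.hostPlatform.system}.default
        ];
      };

      # Hypothetical helper: builds a host from the shared module plus its own.
      mkHost = hostModules: nixpkgs.lib.nixosSystem {
        inherit system;
        specialArgs = { inherit inputs; };
        modules = [ agenixCommon ] ++ hostModules;
      };
    in
    {
      nixosConfigurations = {
        clawfinger = mkHost [ ./hosts/clawfinger ];
        # Path assumed for illustration only.
        hetzner-cloud = mkHost [ ./hosts/hetzner-cloud ];
      };
    };
}
```

After building a host's `config.system.build.toplevel`, `ls result/sw/bin/agenix` (as in the last comment) confirms whether that particular host received the binary.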
