44a5d019603ad4e26b1f51990cfbb8db8f78a009
agenix activation runs from initrd-nixos-activation-start, which fires
right after /sysroot/persistent is mounted but before impermanence's
stage-2 bind mounts. The TPM identity at /var/lib/agenix/tpm-identity
was therefore unreadable at activation time, and every secret silently
failed to decrypt: 'no readable identities found'. Visible downstream
fallout was pull-update-apply hitting HTTP 401 against the binary cache
because nix-cache-netrc was never written to /run/agenix.
Mark /var/lib/agenix as neededForBoot via a bare fileSystems entry,
mirroring the existing /home/${username} bind. Drop the now-redundant
environment.persistence directory entry to avoid two competing units.
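The change this commit message describes, sketched as a NixOS module. This is an added example, not the repository's own code: the `/persistent` mount point is inferred from the `/sysroot/persistent` path above, and the shape of the removed impermanence entry and the `age.identityPaths` line are assumptions.

```nix
{ ... }:
{
  # Before (assumed shape of the dropped entry): impermanence sets up this
  # bind mount in stage 2, after initrd activation has already run agenix,
  # so the identity file is not there yet and decryption fails.
  # environment.persistence."/persistent".directories = [ "/var/lib/agenix" ];

  # After: a bare bind mount that the initrd sets up itself, so the
  # directory is populated before agenix activation reads the identity.
  fileSystems."/var/lib/agenix" = {
    device = "/persistent/var/lib/agenix";
    fsType = "none";
    options = [ "bind" ];
    neededForBoot = true;
  };

  # The backing filesystem has to be mounted in the initrd as well
  # (the commit message implies the host configuration already does this).
  fileSystems."/persistent".neededForBoot = true;

  # Assumed: agenix is pointed at the identity path named in the commit.
  age.identityPaths = [ "/var/lib/agenix/tpm-identity" ];
}
```

After a reboot, `findmnt /var/lib/agenix` should show the bind mount and `/run/agenix` should contain `nix-cache-netrc`.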
My NixOS configs ✨
Hosts
- mreow: My personal Framework 13 laptop
- yarn: Machine I usually just play games on. Boots into SteamOS-like interface.
- muffin: Homeserver, runs various services.
Desktop/Laptop
What do I use?
Browser: Firefox 🦊 (actually Zen Browser :p)
Text Editor: Doom Emacs
Terminal: ghostty
Shell: fish with the pure prompt
WM: niri
Background
- Got my background from here and used the command `magick input.png -filter Point -resize 2880x1920! output.png` to upscale it bilinearly