Attribute is defined in nix repl, but not when running nix flake check

I have been trying to set up my nix configuration (GitHub - jimkoen/homelab: my homelab) to use sops-nix for secret management. I’ve been following the guide and have managed to load secrets when running nix repl.

Specifically, I am trying to load my Cloudflare API token in order to trigger ACME challenges on the host. The key in secrets.yaml is called “CLOUDFLARE_DNS_API_TOKEN” and seems to load just fine when using the repl:

jimkoen@fedora ~/s/nix-config (main)> nix repl .
Nix 2.25.3
Type :? for help.
warning: Git tree '/home/jimkoen/src/nix-config' is dirty
Loading installable 'git+file:///home/jimkoen/src/nix-config#'...
Added 2 variables.
nix-repl> nixosConfigurations.paperless-ngx.config.sops.secrets.CLOUDFLARE_DNS_API_TOKEN 
{
  format = "yaml";
  gid = 0;
  group = null;
  key = "CLOUDFLARE_DNS_API_TOKEN";
  mode = "0400";
  name = "CLOUDFLARE_DNS_API_TOKEN";
  neededForUsers = false;
  owner = null;
  path = "/run/secrets/CLOUDFLARE_DNS_API_TOKEN";
  reloadUnits = [ ... ];
  restartUnits = [ ... ];
  sopsFile = "/nix/store/iplskddnx91vv49mi2bjwav1r6j0xpk6-source/secrets.yaml";
  sopsFileHash = "fe2e04448bc1bdb0d030a548e31d52eb4ed15fc70cfcda1f54c634bbf20b06b4";
  uid = 0;
}

Yet, when running nix flake check, I’m encountering the following error:

jimkoen@fedora ~/s/nix-config (main)> nix flake check
warning: Git tree '/home/jimkoen/src/nix-config' is dirty
evaluation warning: system.stateVersion is not set, defaulting to 25.05. Read why this matters on https://nixos.org/manual/nixos/stable/options.html#opt-system.stateVersion.
error:
       … while checking flake output 'nixosConfigurations'
         at /nix/store/iplskddnx91vv49mi2bjwav1r6j0xpk6-source/flake.nix:40:5:
           39|   {
           40|     nixosConfigurations.nixcontainer = let
             |     ^
           41|       username = "jimkoen";

       … while checking the NixOS configuration 'nixosConfigurations.paperless-ngx'
         at /nix/store/iplskddnx91vv49mi2bjwav1r6j0xpk6-source/flake.nix:56:5:
           55|
           56|     nixosConfigurations.paperless-ngx = let
             |     ^
           57|       username = "jimkoen";

       … while evaluating the option `system.build.toplevel':

       … while evaluating definitions from `/nix/store/w86f55hf97fr811mgc5dks24nak5jy0n-source/nixos/modules/system/activation/top-level.nix':

       … while evaluating the option `warnings':

       … while evaluating definitions from `/nix/store/w86f55hf97fr811mgc5dks24nak5jy0n-source/nixos/modules/system/boot/systemd.nix':

       … while evaluating the option `systemd.services."acme-paperless-ngx.home.jimkoen.com".serviceConfig':

       … while evaluating definitions from `/nix/store/w86f55hf97fr811mgc5dks24nak5jy0n-source/nixos/modules/security/acme':

       … while evaluating the option `security.acme.certs."paperless-ngx.home.jimkoen.com".environmentFile':

       … while evaluating definitions from `/nix/store/iplskddnx91vv49mi2bjwav1r6j0xpk6-source/hosts/paperless-ngx/default.nix':

       (stack trace truncated; use '--show-trace' to show the full, detailed trace)

       error: attribute 'CLOUDFLARE_DNS_API_TOKEN' missing
       at /nix/store/iplskddnx91vv49mi2bjwav1r6j0xpk6-source/hosts/paperless-ngx/default.nix:69:25:
           68|
           69|       environmentFile = config.sops.CLOUDFLARE_DNS_API_TOKEN.path;
             |                         ^
           70|     };

Anyone know why this is happening and how I can fix this?

Are you maybe just missing the secrets part of the attribute path?

nix-repl> nixosConfigurations.paperless-ngx.config.sops.secrets.CLOUDFLARE_DNS_API_TOKEN
environmentFile =                           config.sops.CLOUDFLARE_DNS_API_TOKEN.path;

That was indeed the issue. Big oof on my part! Thanks!
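
The fix from this thread in context, as an added example that is not taken from the poster's repository: the repl query succeeded because it read `config.sops.secrets.…` directly and never forced the `environmentFile` definition, whereas `nix flake check` evaluates `system.build.toplevel` and therefore hits the bad path. The `dnsProvider` value and the relative `sopsFile` path are assumptions inferred from the output above.

```nix
# hosts/paperless-ngx/default.nix (sketch: only the secret and ACME parts)
{ config, ... }:
{
  # Declaring the secret is what creates config.sops.secrets.<name>.
  # With the defaults shown in the repl output, sops-nix decrypts it to
  # /run/secrets/CLOUDFLARE_DNS_API_TOKEN, owned by root with mode 0400.
  sops.secrets.CLOUDFLARE_DNS_API_TOKEN = {
    sopsFile = ../../secrets.yaml; # assumption: secrets.yaml sits at the flake root
  };

  security.acme.certs."paperless-ngx.home.jimkoen.com" = {
    dnsProvider = "cloudflare"; # assumption: not shown in the thread

    # Before (fails at evaluation: sops has no attribute
    # CLOUDFLARE_DNS_API_TOKEN, the secrets live one level down):
    # environmentFile = config.sops.CLOUDFLARE_DNS_API_TOKEN.path;

    # After: go through sops.secrets, matching the path typed in the repl.
    # Only the path string is referenced here, so the token itself never
    # enters the world-readable Nix store.
    environmentFile = config.sops.secrets.CLOUDFLARE_DNS_API_TOKEN.path;

    # Note: this file is read as a systemd EnvironmentFile, so its decrypted
    # content must be KEY=value lines. Whether the secret's value has that
    # shape is not shown in the thread.
  };
}
```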