Help to configure home-manager user email with sops

Felipe-9 · February 20, 2025, 12:34am

Hello there i need some help, mainly its about setting sops variables in home manager.

new error: error: attribute ‘“email/realName”’ missing

i havent put here but the file modules/home/email/default.nix defines sops.secrets."email/realName" right

this is the module that is using the sops secrets
modules/home/email/gmail_main.nix

{ lib, config, ... }:
{
  options.modules.email.enableAccounts.gmail_main = 
    lib.mkEnableOption "config gmail_main account";

  config = lib.mkIf config.modules.email.enableAccounts.gmail_main {

    sops.secrets."email/gmail_main/address" = { sopsFile = ../../../secrets/email.yaml; };
    sops.secrets."email/gmail_main/pass" = { sopsFile = ../../../secrets/email.yaml; };

    accounts.email.accounts.gmail_main = let
      realName = config.sops.secrets."email/realName";
      address = config.sops.secrets."email/gmail_main/address";
      pass = config.sops.secrets."email/gmail_main/pass";
    in {
      address = address;
      userName = address;
      passwordCommand = pass;
      inherit realName;
      # gpg
      gpg.key = config.programs.git.signing.key;
      gpg.signByDefault = true;
      # settings
      primary = true;
      msmtp.enable = true;
      notmuch.enable = true;
      mbsync.enable = true;
      mbsync.create = "maildir";
      imap.host = "gmail.com";
      smtp.host = "gmail.com";
      # signature
      signature = {
        text = ''
          ${realName}
        '';
        showSignature = "append";
      };
    };
  };
}

sops in home manager is configured on this file modules/home/sops.nix
updated content

{ lib, config, inputs, ... }:
{ 
  imports = [
    inputs.sops-nix.homeManagerModules.sops
  ];
  config = {
    sops = {
      defaultSopsFormat = "yaml";
      # This will add secrets.yml to the nix store
      # You can avoid this by adding a string to the full path instead, i.e.
      # defaultSopsFile = ../../../secrets/secrets.yaml;
      defaultSopsFile = "/root/.sops/secrets/secrets.yaml";
      # defaultSopsFile = ./secrets/example.yaml;
      # This will automatically import SSH keys as age keys
      age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
      # This is using an age key that is expected to already be in the filesystem
      age.keyFile = "/var/lib/sops-nix/key.txt";
      # This will generate a new key if the key specified above does not exist
      age.generateKey = true;
    };
  };
}```
the file `modules/core/security/sops.nix`
```nix
{ lib, config, inputs, pkgs, ... }:
{
  imports = [ inputs.sops-nix.nixosModules.sops ];

  options.modules.security.sops.enable =
    lib.mkEnableOption "enable sops module";

  config = lib.mkIf config.modules.security.sops.enable {
    environment.systemPackages = [ pkgs.sops ];
    sops = {
      defaultSopsFormat = "yaml";
      # This will add secrets.yml to the nix store
      # You can avoid this by adding a string to the full path instead, i.e.
      # defaultSopsFile = ../../../secrets/secrets.yaml;
      defaultSopsFile = "/root/.sops/secrets/secrets.yaml";
      # defaultSopsFile = ./secrets/example.yaml;
      # This will automatically import SSH keys as age keys
      age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
      # This is using an age key that is expected to already be in the filesystem
      age.keyFile = "/var/lib/sops-nix/key.txt";
      # This will generate a new key if the key specified above does not exist
      age.generateKey = true;
    };
  };
}

waffle8946 · February 20, 2025, 1:28am

You can’t use the contents of a sops secret in your config, only the path can be used.

https://wiki.nixos.org/wiki/Comparison_of_secret_managing_schemes

Felipe-9 · February 20, 2025, 1:31am

yeah, thanks i actually realized that at some point. i just updated with that fix, but im still getting an error for “email/realName” missing

Felipe-9 · February 20, 2025, 1:44am

update: i tried handwritting values for address and realName instead of grabbing from sops and after building i got an error for sops maybe its relevant

$ systemctl --user status sops-nix.service
× sops-nix.service - sops-nix activation
     Loaded: loaded (/home/felipepinto/.config/systemd/user/sops-nix.service; enabled; preset: ignored)
     Active: failed (Result: exit-code) since Thu 2025-02-20 01:41:42 WET; 15s ago
 Invocation: dd12fd6f1ae8402891d17314215f37d9
    Process: 33464 ExecStart=/nix/store/lp7lnzws9sl3k6ysqk30y5xv89a256fh-sops-nix-user (code=exited, status=1/F>
   Main PID: 33464 (code=exited, status=1/FAILURE)
   Mem peak: 6.2M
        CPU: 15ms

fev 20 01:41:42 gmktecK8 systemd[1765]: Starting sops-nix activation...
fev 20 01:41:42 gmktecK8 lp7lnzws9sl3k6ysqk30y5xv89a256fh-sops-nix-user[33464]: generating machine-specific age>
fev 20 01:41:42 gmktecK8 lp7lnzws9sl3k6ysqk30y5xv89a256fh-sops-nix-user[33466]: /nix/store/wdap4cr3bnm685f27y9b>
fev 20 01:41:42 gmktecK8 lp7lnzws9sl3k6ysqk30y5xv89a256fh-sops-nix-user[33467]: age-keygen: error: failed to op>
fev 20 01:41:42 gmktecK8 lp7lnzws9sl3k6ysqk30y5xv89a256fh-sops-nix-user[33467]: age-keygen: report unexpected o>
fev 20 01:41:42 gmktecK8 lp7lnzws9sl3k6ysqk30y5xv89a256fh-sops-nix-user[33472]: Cannot read ssh key '/etc/ssh/s>
fev 20 01:41:42 gmktecK8 lp7lnzws9sl3k6ysqk30y5xv89a256fh-sops-nix-user[33472]: /nix/store/5l7m96290y8546fx7803>
fev 20 01:41:42 gmktecK8 systemd[1765]: sops-nix.service: Main process exited, code=exited, status=1/FAILURE
fev 20 01:41:42 gmktecK8 systemd[1765]: sops-nix.service: Failed with result 'exit-code'.
fev 20 01:41:42 gmktecK8 systemd[1765]: Failed to start sops-nix activation.

Felipe-9 · February 20, 2025, 1:17pm

clearly the error changed to another subject i will open an issue to address it properly