Nixos-rebuild: Failed to connect to socket /run/user/1000/bus: Connection refused

Another thing I see is the following error

Failed to connect to socket /run/user/1000/bus: Connection refused

This is what I run

sudo -E nixos-rebuild switch --flake '.#envy' --upgrade --target-host admin@10.0.0.11 --use-remote-sudo
building the system configuration...
copying 0 paths...
Shared connection to 10.0.0.11 closed.
Shared connection to 10.0.0.11 closed.
activating the configuration...
setting up /etc...
sops-install-secrets: Imported /etc/ssh/ssh_host_rsa_key as GPG key with fingerprint 79b4c50908dc85c291768c1303484cb5a00916e3
sops-install-secrets: Imported /etc/ssh/ssh_host_ed25519_key as age key with fingerprint age1fyvzwcvfv2s3s9jr7hdpkkdc3fup65rksgeu9uahvntnrvg243fs4lm0qz
/nix/store/6pqncin1i2wy8xqy627q6pk5si6yqhpg-sops-install-secrets-0.0.1/bin/sops-install-secrets: failed to decrypt '/nix/store/bahn27fgkz958ri94xq866ydv97656qp-secrets.yaml': Error getting data key: 0 successful groups required, got 0
Activation script snippet 'setupSecrets' failed (1)
Failed to run activate script
reloading user units for admin...
Error: Failed to open dbus connection

Caused by:
    Failed to connect to socket /run/user/1000/bus: Connection refused
restarting sysinit-reactivation.target
the following new units were started: NetworkManager-dispatcher.service
Shared connection to 10.0.0.11 closed.
warning: error(s) occurred while switching to the new configuration

One thing is that your ssh certificates are either not in your .sops.yaml, the groups are not set correctly in there, or you forgot to run sops updatekeys secrets/secrets.yaml afterwards.

I updated sops.yaml as follows but still get the error

# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.
keys:
  - &admin_papanito age12q4dwh0zqgfxfswzydr3mq7ppm5htv73aqkrfpel9ppcmml3eqds5zzzhr
  - &admin_admin age1pu3n34surq08wa0xa7xrhd4ukcah8au6pqw5mj8mgpvypw8e4d0swhf9v2
  - &server_clawfinger age155ygrv7uzel70wp7tde2fp3xg9kjsht3kcu49rt3l89qw5j0tgsqsvccye
  - &server_envy age1fyvzwcvfv2s3s9jr7hdpkkdc3fup65rksgeu9uahvntnrvg243fs4lm0qz
creation_rules:
  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - age:
      - *admin_papanito
      - *server_clawfinger
      - *server_envy
  - path_regex: secrets/clawfinger/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - age:
      - *admin_papanito
      - *server_clawfinger
  - path_regex: secrets/envy/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - age:
      - *admin_papanito
      - *admin_admin
      - *server_envy

Did you also run sops updatekeys <filename> on all yaml files with secrets?


No, I forgot; now it looks better. Many thanks.
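
As an added example (not code from this thread or from sops-nix): editing .sops.yaml does not change files that are already encrypted, because each encrypted file carries its own recipient list in its `sops` metadata until `sops updatekeys` rewrites it. The sketch below compares the age key the host reported during activation with the recipients recorded in a file. The function names are hypothetical, the encrypted file content is a constructed sample, and the regex assumes sops' default YAML layout.

```python
import re

# Host key line as printed by sops-install-secrets in the log above.
ACTIVATION_LOG = (
    "sops-install-secrets: Imported /etc/ssh/ssh_host_ed25519_key as age key "
    "with fingerprint age1fyvzwcvfv2s3s9jr7hdpkkdc3fup65rksgeu9uahvntnrvg243fs4lm0qz\n"
)

# Constructed sample of an encrypted file's metadata (ciphertext elided).
# It was encrypted before server_envy was added to .sops.yaml.
STALE_SECRETS = """\
example_key: ENC[AES256_GCM,data:...,type:str]
sops:
    age:
        - recipient: age12q4dwh0zqgfxfswzydr3mq7ppm5htv73aqkrfpel9ppcmml3eqds5zzzhr
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            ...
            -----END AGE ENCRYPTED FILE-----
        - recipient: age155ygrv7uzel70wp7tde2fp3xg9kjsht3kcu49rt3l89qw5j0tgsqsvccye
          enc: |
            ...
"""

LOG_KEY = re.compile(r"Imported \S+ as age key with fingerprint (age1[0-9a-z]+)")
RECIPIENT = re.compile(r"^\s*-\s*recipient:\s*(age1[0-9a-z]+)\s*$", re.MULTILINE)


def host_age_keys(log: str) -> set[str]:
    """Age public keys the target host derived during activation."""
    return set(LOG_KEY.findall(log))


def file_recipients(encrypted_yaml: str) -> set[str]:
    """Recipients the data key is actually wrapped for (sops.age[].recipient)."""
    return set(RECIPIENT.findall(encrypted_yaml))


def needs_updatekeys(log: str, encrypted_yaml: str) -> bool:
    """True when no host key is a recipient, so decryption on the host fails."""
    return host_age_keys(log).isdisjoint(file_recipients(encrypted_yaml))


if __name__ == "__main__":
    print("stale recipients:", needs_updatekeys(ACTIVATION_LOG, STALE_SECRETS))
```
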