afnix/infra
0
0
Fork 0
Code Issues 40 Pull requests 10 Projects Releases Packages Wiki Activity

openbao-agent invalid config with no templates defined #254

New issue
Open
opened 2025-08-07 09:13:34 +00:00 by delroth · 1 comment
delroth commented 2025-08-07 09:13:34 +00:00 (Migrated from git.lix.systems)
Copy link

Using the openbao-agent module without defining any templates seems to lead to a config that the agent cannot parse (failing to initialize):

Jul 28 17:16:31 bagel-box bao[218169]: error loading configuration from /nix/store/a6fk0dfr99wp3cdv0iyvkmyshr4rnbif-agent.json: error parsing 'template': error converting config
Using the openbao-agent module without defining any templates seems to lead to a config that the agent cannot parse (failing to initialize): ``` Jul 28 17:16:31 bagel-box bao[218169]: error loading configuration from /nix/store/a6fk0dfr99wp3cdv0iyvkmyshr4rnbif-agent.json: error parsing 'template': error converting config ```
emilylange commented 2025-08-18 14:48:37 +00:00 (Migrated from git.lix.systems)
Copy link

Consider using services.vault-agent from nixpkgs instead of services.openbao-agent from https://git.lix.systems/the-distro/systemd-openbao.

The module in https://git.lix.systems/the-distro/systemd-openbao (or rather https://github.com/numtide/systemd-vaultd) exists, because at the time there simply was no module for that in nixpkgs yet.

See

The timing on this is just funny, because you happen to encounter this a few weeks after https://github.com/NixOS/nixpkgs/issues/420208 and a few days after https://github.com/NixOS/nixpkgs/pull/431031 was opened, but not merged yet.

I am also in the process of renaming services.vault-agent to services.openbao-agent for various reasons in nixpkgs, but we will see how that goes. For now, the main difference is that you need to set services.vault-agent.instances.<name>.package = pkgs.openbao.

And you will have to bump your nixpkgs input for this once.

Consider using `services.vault-agent` from nixpkgs instead of `services.openbao-agent` from <https://git.lix.systems/the-distro/systemd-openbao>. The module in https://git.lix.systems/the-distro/systemd-openbao (or rather <https://github.com/numtide/systemd-vaultd>) exists, because at the time there simply was no module for that in nixpkgs yet. See - https://github.com/NixOS/nixpkgs/issues/420208 - https://github.com/NixOS/nixpkgs/pull/431031 and - https://github.com/NixOS/nixpkgs/pull/283534#issuecomment-3152494935 The timing on this is just funny, because you happen to encounter this a few weeks after <https://github.com/NixOS/nixpkgs/issues/420208> and a few days after <https://github.com/NixOS/nixpkgs/pull/431031> was opened, but not merged yet. I am also in the process of renaming `services.vault-agent` to `services.openbao-agent` for various reasons in nixpkgs, but we will see how that goes. For now, the main difference is that you need to set `services.vault-agent.instances.<name>.package = pkgs.openbao`. And you will have to bump your nixpkgs input for this once.
👍 1 ❤️ 1
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
staging
docs-afnix-fr
broker-flows
goaccess
alerting-to-zulip
better-backup-monitoring
forgejo-runners-sprinkles
abm
afnix-social-logins
hyp01
benchmarks
afnix-oidc
voidlinux-tenant
x86_builder_v6_only
besadii-release-branches
tom-hubrecht/audit
repair-ofborg
i-wish-i-had-jj-and-gerrit
scheduled-builds
gerrit-hydra
single-node-ceph
storage-project
cache-lix
email-groups
format
No results found.
Labels
Clear labels   
Compat/Breaking

Breaking change that won't be backward compatible

  
Difficulty/Architectural

Requires changes in multiple pieces of the stack: the Nix interpreter, etc.

  
Difficulty/Easy

Infrastructure beginner friendly tasks

  
Difficulty/Hard

Requires prior knowledge, research and design

  
Help Wanted

Looking for a first task to pick? This one is looking for somefew to do it as well!

  
Kind/Bug

Something is not working

  
Kind/Documentation

Documentation changes

  
Kind/Enhancement

Improve existing functionality

  
Kind/Feature

New functionality

  
Kind/Testing

Issue or pull request related to testing

  
Priority/Critical

The priority is critical

  
Priority/High

The priority is high

  
Priority/Low

The priority is low

  
Priority/Medium

The priority is medium

  
Reviewed/Confirmed

Issue has been confirmed

  
Reviewed/Duplicate

This issue or pull request already exists

  
Reviewed/Invalid

Invalid issue

  
Reviewed/Won't Fix

This issue won't be fixed

  
Security

This is a security issue

  
Silenced Alert

This issue was created to track a silenced alert which needs remediation work.

  
Status/Abandoned

Somebody has started to work on this but abandoned work

  
Status/Blocked

Something is blocking this issue or pull request

  
Status/Need More Info

Feedback is required to reproduce issue or to continue work

  
Status/Postponed

We can do this later

  
Tracking Issue

Umbrella issue of many things at the same time

No labels
Compat/Breaking
Difficulty/Architectural
Difficulty/Easy
Difficulty/Hard
Help Wanted
Kind/Bug
Kind/Documentation
Kind/Enhancement
Kind/Feature
Kind/Testing
Priority/Critical
Priority/High
Priority/Low
Priority/Medium
Reviewed/Confirmed
Reviewed/Duplicate
Reviewed/Invalid
Reviewed/Won't Fix
Security
Silenced Alert
Status/Abandoned
Status/Blocked
Status/Need More Info
Status/Postponed
Tracking Issue
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: afnix/infra#254
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?