Permission management for secrets #13

Closed
opened 2020-12-31 15:52:14 +01:00 by simon · 1 comment

Currently all secrets are owned by and are only readable by root. This makes it impossible to use them for unprivileged services (e.g. nginx). I implemented crude permission management for nginx in cb913a9b00/modules/nginx.nix , however I don’t quite like that approach.

Plan: create an activation script that takes care of it (like in 23f163cae5/nixos/vms/modules/secrets.nix )

simon added the affects/style label 2021-01-03 23:39:15 +01:00

Implemented in 7b2da0349c

  • Can sayuri’s luks key also be handled with this module? No
simon added the blocked by/testing needed label 2021-01-06 13:20:16 +01:00
simon closed this issue 2021-01-06 17:16:10 +01:00
simon added type feature and removed blocked by/testing needed labels 2021-01-31 22:37:04 +01:00
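
An added sketch of the activation-script approach named in the plan, not the code from the commits referenced in this issue: a NixOS module that installs each secret with an explicit owner, group and mode so an unprivileged service such as nginx can read only its own file. The `example.secrets` option names, the `/run/example-secrets` directory and the sample source path are hypothetical, and it assumes the stock `users` and `groups` activation scripts exist.

```nix
# Added illustration; every name under `example.secrets` is hypothetical.
{ config, lib, pkgs, ... }:
let
  cfg = config.example.secrets;
  install = "${pkgs.coreutils}/bin/install";
in
{
  options.example.secrets = lib.mkOption {
    default = { };
    description = "Secrets installed under /run/example-secrets with explicit ownership.";
    type = lib.types.attrsOf (lib.types.submodule {
      options = {
        # A string, not a Nix path literal: a path literal would be copied
        # into the world-readable /nix/store when interpolated.
        source = lib.mkOption { type = lib.types.str; };
        owner = lib.mkOption { type = lib.types.str; default = "root"; };
        group = lib.mkOption { type = lib.types.str; default = "root"; };
        # Default keeps the behaviour described in the issue: root-only.
        mode = lib.mkOption { type = lib.types.str; default = "0400"; };
      };
    });
  };

  config.system.activationScripts.exampleSecrets =
    # Run after users and groups are created so -o/-g can resolve names.
    lib.stringAfter [ "users" "groups" ] ''
      # Traversable but not listable by unprivileged users.
      ${install} -d -m 0751 -o root -g root /run/example-secrets
      ${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: s: ''
        ${install} -m ${lib.escapeShellArg s.mode} \
          -o ${lib.escapeShellArg s.owner} -g ${lib.escapeShellArg s.group} \
          ${lib.escapeShellArg s.source} \
          ${lib.escapeShellArg "/run/example-secrets/${name}"}
      '') cfg)}
    '';

  # Example use from another module (constructed values):
  #   example.secrets.nginx-htpasswd = {
  #     source = "/root/secrets/htpasswd";
  #     owner = "nginx";
  #     group = "nginx";
  #   };
}
```

Granting access per secret keeps every file without an explicit owner at root-only `0400`, so adding an unprivileged consumer never widens access to the rest.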
Reference: simon/nixos-config#13