Permission management for secrets #13
Reference: simon/nixos-config#13
Currently all secrets are owned by and are only readable by root. This makes it impossible to use them for unprivileged services (e.g. nginx). I implemented crude permission management for nginx in cb913a9b00/modules/nginx.nix, however I don’t quite like that approach.

Plan: create an activation script that takes care of it (like in 23f163cae5/nixos/vms/modules/secrets.nix)

Implemented in 7b2da0349c
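
A sketch of the activation-script approach named in the plan, added here as an illustration; it is not the code from this repository or from the referenced commits. The `example.secrets` option namespace, the secret name and the file path are hypothetical.

```nix
{ config, lib, ... }:

let
  cfg = config.example.secrets; # hypothetical option namespace

  # Shell fragment for one declared secret: set owner/group and mode,
  # and warn (without failing activation) if the file is not deployed yet.
  fixPerms = name: s: ''
    if [ -e ${lib.escapeShellArg s.path} ]; then
      chown ${lib.escapeShellArg "${s.owner}:${s.group}"} ${lib.escapeShellArg s.path}
      chmod ${lib.escapeShellArg s.mode} ${lib.escapeShellArg s.path}
    else
      echo ${lib.escapeShellArg "secret '${name}' not found at ${s.path}"} >&2
    fi
  '';
in
{
  options.example.secrets = lib.mkOption {
    default = { };
    description = "Secret files and the ownership they should receive.";
    type = lib.types.attrsOf (lib.types.submodule {
      options = {
        # A string, not types.path: a Nix path literal would be copied
        # into the world-readable /nix/store when interpolated.
        path = lib.mkOption { type = lib.types.str; };
        owner = lib.mkOption { type = lib.types.str; default = "root"; };
        group = lib.mkOption { type = lib.types.str; default = "root"; };
        # Default keeps the current behaviour: readable by root only.
        mode = lib.mkOption { type = lib.types.str; default = "0400"; };
      };
    });
  };

  config.system.activationScripts.secretPermissions = {
    # Run after the "users" activation script so that service accounts
    # such as nginx already exist when chown is called.
    deps = [ "users" ];
    text = lib.concatStrings (lib.mapAttrsToList fixPerms cfg);
  };

  # Constructed usage example (set in a host configuration):
  #   example.secrets.nginx-tls-key = {
  #     path = "/var/lib/secrets/nginx-tls.key";
  #     group = "nginx";
  #     mode = "0440";
  #   };
}
```

Granting access through the group with mode `0440` leaves root as owner, so the unprivileged service can read the secret but cannot modify or replace it.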