Move secrets out of Nix Store #19

Merged

inex merged 29 commits from its-wednesday-my-dudes into master 2022-07-19 15:18:46 +03:00

Conversation 0 Commits 29 Files Changed 14

inex commented 2022-07-19 15:17:30 +03:00

Owner

Nix store is world-readable, and while nix repl fails to get the secret due to file permissions, we should still set up secrets without getting them in Nix store.

In the past tmpfiles.d was used, but its entire contents get to the nix store.

Now, all files with secrets are generated in activation scripts, with the help of jq and sed.

Also dead Pleroma code was deleted, but CAPTCHA is still broken.

Bitwarden-rs was renamed to vaultwarden, thus dropping support for NixOS 21.05

Nix store is world-readable, and while nix repl fails to get the secret due to file permissions, we should still set up secrets without getting them in Nix store. In the past tmpfiles.d was used, but its entire contents get to the nix store. Now, all files with secrets are generated in activation scripts, with the help of jq and sed. Also dead Pleroma code was deleted, but CAPTCHA is still broken. Bitwarden-rs was renamed to vaultwarden, thus dropping support for NixOS 21.05

inex added 29 commits 2022-07-19 15:17:31 +03:00

3884d97240 Remove pleroma package definition

2d26ca545e Add channel for autoupgrades

41187bb18f Read value directly from json

ff536aa119 Change the way we read values from userdata

3707937d1e Ternaries

31c0d4a5d5 Linting

7293337546 Forgot some ifs

b8bdb65e6d One more if

2e40bf243b Default root ssh key (empty)

e428db106a Replace some nulls

3ca55578ac More ifs

6b433f3928 Fix

fcb78ab487 forgot "?"

eaa6caa146 Use lib.attrsets.attrByPath

6218abc375 Move from tmpfiles.d to init scripts.

9fe0f9acd6 Provision sed and jq

c5e0713481 Try gnused

47d63f2fcf Fix restic password init.

17b927f700 Add force to deactivation script

ea383780b6 Remove all secrets from nix store

b22bc3d6c3 Remove semicolon

6e6d21af62 Ensure folders for activation script are created

819df84cd3 Remove comma

b6cb60302e Remove extensions

5e000f850e Disable postgre initial script

3585911798 Roll back the setup.psql

38f9fe5ea0 Fix typo

e6b6c10c66 Ensure credentials folders via activation scripts

cabe97f1e3 Fixes: ...

- Bitwarden-rs → vaultwarden
- Add folder creation for rclone config

inex merged commit c1ed3a522c into master 2022-07-19 15:18:46 +03:00

inex deleted branch its-wednesday-my-dudes 2022-07-19 15:18:46 +03:00

inex referenced this issue from a commit 2022-07-19 15:18:47 +03:00

Move secrets out of Nix Store (#19)

alexoundos referenced this pull request 2023-07-15 14:44:27 +03:00

research the nix ways to manage secrets instead of parsing usedata.json at startup #37

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

Contributions welcome

  

Service packaging

  

bug

Something is not working   

duplicate

This issue or pull request already exists   

enhancement

New feature   

help wanted

Need some help   

invalid

Something is wrong   

question

More information is needed   

wontfix

This won't be fixed

No Label

Contributions welcome

Service packaging

bug

duplicate

enhancement

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: SelfPrivacy/selfprivacy-nixos-config#19

There is no content yet.