Move secrets out of Nix Store #19
No reviewers
Labels
No Label
Contributions welcome
Service packaging
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: SelfPrivacy/selfprivacy-nixos-config#19
Loading…
Reference in New Issue
There is no content yet.
Delete Branch "its-wednesday-my-dudes"
Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?
Nix store is world-readable, and while nix repl fails to get the secret due to file permissions, we should still set up secrets without getting them in Nix store.
In the past tmpfiles.d was used, but its entire contents get to the nix store.
Now, all files with secrets are generated in activation scripts, with the help of jq and sed.
Also dead Pleroma code was deleted, but CAPTCHA is still broken.
Bitwarden-rs was renamed to vaultwarden, thus dropping support for NixOS 21.05