research the nix ways to manage secrets instead of parsing userdata.json at startup #37
Reference: SelfPrivacy/selfprivacy-nixos-config#37
The current files.nix specifies jq and sed commands to be run at OS startup in order to parse values and write them to some /var/lib/* and /root/.config/* destinations. This is not reliable and makes reasoning about configuration-runtime conformity more complex.

I expect that userdata.json is only read by nix (at configuration build time).

This commit in #19 did a good job at moving secrets out of /nix/store, though I believe there are better ways.