SelfPrivacy
/
selfprivacy-nixos-config
6
3
Fork 6
Code Issues 17 Pull Requests 1 Projects Releases Wiki Activity

research the nix ways to manage secrets instead of parsing usedata.json at startup #37

New Issue
Open
opened 2023-07-15 01:42:04 +03:00 by alexoundos · 0 comments
alexoundos commented 2023-07-15 01:42:04 +03:00
Collaborator

The current files.nix specifies jq and sed commands to be run at OS startup in order to parse values and write them to some /var/lib/* and /root/.config/* destinations. This is not reliable and makes reasoning about configuration-runtime conformity more complex.

I expect that userdata.json is only read by nix (at configuration build time).

This commit in #19 did a good job at moving secrets out of /nix/store, though I believe there are better ways.

[The current `files.nix` specifies `jq` and `sed` commands to be run at OS startup in order to parse values and write them to some `/var/lib/*` and `/root/.config/*` destinations](https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/src/commit/65b5a1977756549240eae05005d1f6b5feef126d/files.nix#L38). This is not reliable and makes reasoning about configuration-runtime conformity more complex. I expect that `userdata.json` is only read by nix (at configuration build time). --- [This commit](https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/commit/c1ed3a5) in #19 did a good job at moving secrets out of /nix/store, though I believe there are better ways.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
inex/test-collect-garbage
flakes
inex/test-autobackup
inex/test-systemd-rebuild
master
pre-release
flake-to-override-folder
flake-to-override
systemd-limits
ldap
api-redis
pleroma-fixes
development
rolling-testing
Labels
Clear labels   
Contributions welcome
   
Service packaging
   
bug

Something is not working   
duplicate

This issue or pull request already exists   
enhancement

New feature   
help wanted

Need some help   
invalid

Something is wrong   
question

More information is needed   
wontfix

This won't be fixed
No Label
Contributions welcome
Service packaging
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: SelfPrivacy/selfprivacy-nixos-config#37
There is no content yet.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?