
@Xe

Xe/blog-example.nix Secret

Created Jan 20, 2021
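# Example deployment: the machine "pa" runs a oneshot unit as a dedicated
# system user and checks that a secret delivered through deployment.keys
# (the NixOps key mechanism) is visible at /run/keys/example.
{
  pa = { pkgs, ... }: {
    imports = [ ../../common/base.nix ../../common/generic-libvirtd.nix ];
    deployment.targetHost = "192.168.122.96";

    # create a service-specific user
    users.users.example.isSystemUser = true;
    # The key below is owned by group "example", so that group has to exist.
    # isSystemUser alone does not create it, and recent NixOS releases refuse
    # to evaluate a user with no primary group set. Declaring both here keeps
    # the example self-contained.
    # NOTE(review): drop these two lines if one of the imported modules
    # already declares the group and the user's primary group.
    users.users.example.group = "example";
    users.groups.example = { };
    # without this group the secret can't be read: /run/keys itself is only
    # traversable by root and members of "keys", regardless of the mode set
    # on the individual key file
    users.users.example.extraGroups = [ "keys" ];

    systemd.services.example = {
      wantedBy = [ "multi-user.target" ];
      # Order the unit after the per-key unit so the secret has been
      # delivered before the script runs; "wants" pulls that unit in.
      after = [ "example-key.service" ];
      wants = [ "example-key.service" ];
      # Run unprivileged, as the only account meant to read the key.
      serviceConfig.User = "example";
      serviceConfig.Type = "oneshot";
      # stat exits non-zero when the file is missing or the directory cannot
      # be traversed, so a failed unit here means the key is not accessible.
      script = ''
        stat /run/keys/example
      '';
    };

    deployment.keys.example = {
      # Placeholder value. A literal written here sits in plaintext in the
      # deployment expression and in whatever repository holds it; for a real
      # secret, load the value from outside the repository (NixOps offers
      # keyFile for this) and keep it out of version control.
      text = "this is a super sekrit value :)";
      user = "example";
      group = "example";
      # Owner read/write, group read, nothing for others. The only consumer
      # shown is the owner, so "0400" is sufficient when no other member of
      # the group needs the value.
      permissions = "0640";
    };
  };
}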