add generate-secrets.service
This commit is contained in:
parent
6447694214
commit
b90bf6691b
29
modules/secrets/generate-secrets.nix
Normal file
29
modules/secrets/generate-secrets.nix
Normal file
@ -0,0 +1,29 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
# This is mainly for testing.
|
||||
# When using this for regular deployments, make sure to create a backup of the
|
||||
# generated secrets.
|
||||
|
||||
with lib;
|
||||
let
|
||||
secretsDir = "/secrets/"; # TODO: make this an option
|
||||
in
|
||||
{
|
||||
nix-bitcoin.setup-secrets = true;
|
||||
|
||||
systemd.services.generate-secrets = {
|
||||
requiredBy = [ "setup-secrets.service" ];
|
||||
before = [ "setup-secrets.service" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
} // config.nix-bitcoin-services.defaultHardening;
|
||||
script = ''
|
||||
mkdir -p "${secretsDir}"
|
||||
cd "${secretsDir}"
|
||||
chown root: .
|
||||
chmod 0700 .
|
||||
${pkgs.nix-bitcoin.generate-secrets}
|
||||
'';
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue
Block a user