don't copy secret files to store during nixops deployment

2019-11-27 14:04:24 +01:00 · 2019-11-27 14:04:24 +01:00 · cd0fd6926b
commit cd0fd6926b
parent f0a36fe0c7
2 changed files with 15 additions and 4 deletions
--- a/network/network.nix
+++ b/network/network.nix
@ -44,28 +44,28 @@ let
    permissions = "0440";
  };
  nginx_key = {
-    keyFile = ../secrets/nginx.key;
+    keyFile = toString ../../secrets/nginx.key;
    destDir = "/secrets/";
    user = "nginx";
    group = "root";
    permissions = "0440";
  };
  nginx_cert = {
-    keyFile = ../secrets/nginx.cert;
+    keyFile = toString ../../secrets/nginx.cert;
    destDir = "/secrets/";
    user = "nginx";
    group = "root";
    permissions = "0440";
  };
  lnd_key = {
-    keyFile = ../secrets/lnd.key;
+    keyFile = toString ../../secrets/lnd.key;
    destDir = "/secrets/";
    user = "lnd";
    group = "lnd";
    permissions = "0440";
  };
  lnd_cert = {
-    keyFile = ../secrets/lnd.cert;
+    keyFile = toString ../../secrets/lnd.cert;
    destDir = "/secrets/";
    user = "lnd";
    group = "lnd";
--- a/pkgs/nixops/release.nix.patch
+++ b/pkgs/nixops/release.nix.patch
@ -32,3 +32,14 @@


       # For "nix-build --run-env".
+
+--- a/nixops/backends/__init__.py
+++ b/nixops/backends/__init__.py
+@@ -24,6 +24,7 @@ class MachineDefinition(nixops.resources.ResourceDefinition):
+             opts = {}
+             for (key, xmlType) in (('text',        'string'),
+                                    ('keyFile',     'path'),
+                                   ('keyFile',     'string'),
+                                    ('destDir',     'string'),
+                                    ('user',        'string'),
+                                    ('group',       'string'),