From cd0fd6926ba6f1223a3dc3d41dc49380853fb752 Mon Sep 17 00:00:00 2001
From: Erik Arvstedt
Date: Wed, 27 Nov 2019 14:04:24 +0100
Subject: [PATCH] don't copy secret files to store during nixops deployment
---
 network/network.nix | 8 ++++----
 pkgs/nixops/release.nix.patch | 11 +++++++++++
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/network/network.nix b/network/network.nix
index f8ae92b..4e2b0c2 100644
--- a/network/network.nix
+++ b/network/network.nix
@@ -44,28 +44,28 @@ let
 permissions = "0440";
 };
 nginx_key = {
- keyFile = ../secrets/nginx.key;
+ keyFile = toString ../../secrets/nginx.key;
 destDir = "/secrets/";
 user = "nginx";
 group = "root";
 permissions = "0440";
 };
 nginx_cert = {
- keyFile = ../secrets/nginx.cert;
+ keyFile = toString ../../secrets/nginx.cert;
 destDir = "/secrets/";
 user = "nginx";
 group = "root";
 permissions = "0440";
 };
 lnd_key = {
- keyFile = ../secrets/lnd.key;
+ keyFile = toString ../../secrets/lnd.key;
 destDir = "/secrets/";
 user = "lnd";
 group = "lnd";
 permissions = "0440";
 };
 lnd_cert = {
- keyFile = ../secrets/lnd.cert;
+ keyFile = toString ../../secrets/lnd.cert;
 destDir = "/secrets/";
 user = "lnd";
 group = "lnd";
diff --git a/pkgs/nixops/release.nix.patch b/pkgs/nixops/release.nix.patch
index 91a81ab..c54432a 100644
--- a/pkgs/nixops/release.nix.patch
+++ b/pkgs/nixops/release.nix.patch
@@ -32,3 +32,14 @@ # For "nix-build --run-env".
+
+--- a/nixops/backends/__init__.py
++++ b/nixops/backends/__init__.py
+@@ -24,6 +24,7 @@ class MachineDefinition(nixops.resources.ResourceDefinition):
+ opts = {}
+ for (key, xmlType) in (('text', 'string'),
+ ('keyFile', 'path'),
++ ('keyFile', 'string'),
+ ('destDir', 'string'),
+ ('user', 'string'),
+ ('group', 'string'),
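Review bot: Nothing on the four changed `keyFile` lines (nginx_key, nginx_cert, lnd_key, lnd_cert) says why `toString` is there, so a later cleanup could turn them back into path literals and, per the commit subject, have the secret files copied into the Nix store again. I would add a comment above the first of them, e.g. `# toString: pass the path as a string so the secret is not copied into the world-readable Nix store`. The same lines also change the relative prefix from `../secrets` to `../../secrets`, which the commit message does not explain; worth confirming that this resolves to the intended directory. The hunk begins inside an earlier key entry and ends inside `lnd_cert`, so any `keyFile` values outside it are not visible here and should be checked for remaining path literals.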
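Review bot: Because `('keyFile', 'path')` stays in the tuple next to the added `('keyFile', 'string')`, a path-literal `keyFile` is presumably still accepted without complaint, so a regression in network.nix back to path literals would go unnoticed. If this patched nixops is only used with this repository's network definition, consider replacing the `'path'` entry instead of adding a second one, or at least add a comment such as `# 'string' lets keyFile be given via toString so the file is not copied to the store`. The loop body that consumes `(key, xmlType)` is outside the hunk, so how the duplicate `keyFile` key is resolved cannot be confirmed from here. The Python change is also appended to `release.nix.patch`, whose name no longer describes its contents.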