[Nix-dev] NixOps - merge config files
Kevin Cox
kevincox at kevincox.ca
Thu Jun 9 17:16:25 CEST 2016
On 09/06/16 11:03, 4levels wrote:
> Hi Kevin,
>
> I'm very curious how you setup sensitive information using deployment.keys
> This still seems like the best option to do this, but I failed to get
> it working..
>
> Could you be so kind to post a small example, showing how you define
> the keys and use them in functions that generate eg. a config file?
Here are two examples where I read the key out of a secret directory
(encrypted with git-crypt). Note that I don't generate any of my config
files, but that is theoretically possible.
deployment.keys.mesos.text = "root ${builtins.readFile
../secret/mesos-secret}";
deployment.keys.sumologic.text = builtins.readFile ../secret/sumologic;
And this example is importing a nix expression. Note that I'm not using
deployment.keys so this is accessible to anyone (on the server) as it
lands in the Nix store IIUC.
networking.defaultMailServer = import ../secret/smtp.nix;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: OpenPGP digital signature
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160609/a282e432/attachment.sig>
More information about the nix-dev
mailing list