[Nix-dev] Setting default group & permissions on deployment.keys

Tomasz Czyż tomasz.czyz at gmail.com
Tue Jun 14 12:17:26 CEST 2016


https://nixos.org/nixops/manual/#opt-deployment.keys._name_.user

2016-06-14 11:12 GMT+01:00 4levels <4levels at gmail.com>:

> Hi Rob,
>
> thank you for your swift reply!
> Does this mean I'm actually overriding the default keys behavior as
> defined in https://github.com/NixOS/nixops/blob/master/nix/keys.nix ?
> I was kind of hoping to be able to write something like
>
> deployment.keys.*.group = "keys";
> deployment.keys.*.permissions = "0640";
>
> I'll give it a try and post back here.
>
> Kind regards,
>
> Erik
>
> On Tue, Jun 14, 2016 at 12:06 PM Rob Vermaas <rob.vermaas at gmail.com>
> wrote:
>
>> Hi Erik,
>>
>> > Is there a way to define a default group and permissions for all keys
>> > without me specifying this for each key individually?
>> > I'm currently well over 200 keys per machine so adding the group and
>> > permissions for each key is quite elaborate..
>>
>> You could do something like:
>>
>>       deployment.keys =
>>         let
>>           keyDir = /path/to/dir/with/my/keys;
>>           keys = builtins.attrNames
>>             (lib.filterAttrs (n: v: v == "regular") (builtins.readDir keyDir));
>>         in with lib; listToAttrs (map (n: nameValuePair n {
>>           text = builtins.readFile (keyDir + ("/" + n));
>>           group = "keys";
>>           permissions = "0640";
>>         }) keys);
>>
>> This would upload all files in /path/to/dir/with/my/keys to the
>> machine in /run/keys. Note I didn't test this, so it might have some
>> typos, but hope the idea is clear. It's an adapted piece copied from
>> something similar we are using.
>>
>> Cheers,
>> --
>> Rob Vermaas
>>
>> [email] rob.vermaas at gmail.com
>>
>


-- 
Tomasz Czyż
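
An added example, not part of the original thread: one way to get the "default for every key" behaviour asked about above, while still letting single keys override `user`, `group` or `permissions`. The names `keyDefaults`, `overrides`, `mkKey`, the file name `tls.key` and the user `nginx` are assumptions made for illustration; `keyDir` is the placeholder path from the quoted reply.

```nix
# NixOS module for one machine of a NixOps network (added example).
{ lib, ... }:

let
  # Directory on the deploying host holding one secret per file (placeholder path).
  keyDir = /path/to/dir/with/my/keys;

  # Defaults applied to every key unless an override says otherwise.
  keyDefaults = {
    group = "keys";
    permissions = "0640";
  };

  # Per-key exceptions (hypothetical names): a key that only one service
  # account should read gets a tighter owner and mode.
  overrides = {
    "tls.key" = { user = "nginx"; permissions = "0400"; };
  };

  # Only regular files become keys; subdirectories and symlinks are skipped.
  keyNames = builtins.attrNames
    (lib.filterAttrs (name: type: type == "regular") (builtins.readDir keyDir));

  # `//` is right-biased, so an override wins over the defaults.
  mkKey = name:
    lib.nameValuePair name (
      keyDefaults
      // { text = builtins.readFile (keyDir + "/${name}"); }
      // (overrides.${name} or { })
    );
in
{
  deployment.keys = lib.listToAttrs (map mkKey keyNames);
}
```

Because `/run/keys` itself is only accessible to root and the `keys` group, an account named in an override (here the assumed `nginx`) must also be a member of `keys` to reach its file.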