[Nix-dev] Persistent NixOps keys

[4levels]

Hi Nix-devs, hi Tomasz, hi Игорь,

I managed to get it working flawlessly by adding keys.target to the
requires and after statements of my other service configs.

I was just wondering how this copes with server kills (as Vultr
periodically resets an instance when they experience system failures).  I'm
guessing when they kill a VPS (or reset it) the systemd shutdown calls are
being bypassed.  I've opened a support request to ask if they can always
perform a normal reboot instead of a hard reset.

Thanks again for your great support and valuable pointers!

Kind regards,

Erik

On Fri, Jun 17, 2016 at 12:16 PM 4levels <4levels at gmail.com> wrote:

> Hi Tomasz,
>
> Thanks for another great pointer!
> My own services do require the keys so I have to make them depend/require
> on keys.target
>
> I'm about to test this out, I'll keep you posted here..
>
> Kind regards,
>
> Erik
>
> On Fri, Jun 17, 2016, 11:47 Tomasz Czyż <tomasz.czyz at gmail.com> wrote:
>
>> Erik, you also could add your load-keys service to network.target or any
>> target which starts at the system start. So then you don't have to add it
>> to specific apps, depends on your keys workflow.
>>
>> 2016-06-17 9:48 GMT+01:00 4levels <4levels at gmail.com>:
>>
>>> That's probably it!
>>>
>>> I still need to update all service configs to have keys.target in the
>>> wantedBy list.
>>>
>>> I read somewhere that I should also use requiredBy for it to really wait
>>> untill keys.target is finished..
>>>
>>> Kind regards,
>>>
>>> Erik
>>>
>>> On Thu, Jun 16, 2016, 23:50 Игорь Пашев <pashev.igor at gmail.com> wrote:
>>>
>>>> 2016-06-14 17:17 GMT+03:00 4levels <4levels at gmail.com>:
>>>> > wantedBy = [ "keys.target" ];
>>>>
>>>>
>>>> Maybe you don't have services depending on keys.target
>>>>
>>>
>>
>>
>> --
>> Tomasz Czyż
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160619/436382cf/attachment.html>