Mathijs Kwik wrote:
> Hi all,
>
> Of course I don't want people to enter the password into their
> configuration.nix, but I would like to provide an option to provide a
> path to a separate file on a secure place, or they can use
> builtins.readFile.

Neither of those ways is secure. The password will appear in
/nix/store/...drv in plain text.

> Also, I would like to use the default upstream config as a basis (the
> package stores this at $out/share/gogoclient-1.2/default.conf), to
> ease future upstream changes. So no embedded config in the module
> which has to be maintained.
>
> I can probably use something like system.activationScripts to just
> copy the default to some place in /etc, chmod that, and substitute
> values in there, but it doesn't feel very elegant.

Though it seems to be the only secure way...

>
> Any suggestions?

Write all options but the password to a file in /nix/store (written by
derivation), then use an activation script to substitute the password in
this file and copy it to /etc.

-- 
Yury G. Kudryashov, mailto: [email protected]
_______________________________________________
nix-dev mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-dev
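
The approach suggested in the reply above (a password-free config in the store, with the password substituted at activation time), written as a shell function that an activation script could call. This is an added example, not code from the thread or from NixOS; the function name, the `@PASSWORD@` placeholder and all paths are assumptions.

```shell
# Added example. Function name, placeholder and paths are hypothetical.
#
# install_secret_config TEMPLATE SECRET_FILE DEST
#   TEMPLATE     world-readable config without the password (e.g. a store path)
#   SECRET_FILE  root-only file outside the store; its first line is the password
#   DEST         final config file, e.g. somewhere under /etc
install_secret_config() {
    template=$1 secret=$2 dest=$3
    [ -r "$template" ] || { echo "missing template: $template" >&2; return 1; }
    # An empty secret file would otherwise silently produce an empty config.
    [ -s "$secret" ] || { echo "missing or empty secret: $secret" >&2; return 1; }

    # Create the temp file next to DEST so the final mv is an atomic rename,
    # and under umask 077 so it is never readable by other users.
    tmp=$( umask 077; mktemp "$dest.XXXXXX" ) || return 1

    # awk reads the password from the secret file itself (its first input), so
    # the password never appears in argv or the environment. index/substr does
    # a literal replacement, so '&', '/' or '\' in the password need no escaping.
    if awk -v ph='@PASSWORD@' '
        NR == FNR { if (FNR == 1) pw = $0; next }
        {
            out = ""
            while ((i = index($0, ph)) > 0) {
                out = out substr($0, 1, i - 1) pw
                $0 = substr($0, i + length(ph))
            }
            print out $0
        }' "$secret" "$template" > "$tmp"
    then
        chmod 600 "$tmp" && mv -f "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

The template stays in the store unchanged and contains only the placeholder, so nothing secret ends up in a `.drv` file or a store path.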
