Right now you should not put passwords into the store, because its world
readable by default. The common workaround is to store files at /root
and put the path into the /store instead, right?
What about creating a new primop which allows to write arbitrary files?
Then you could do this:
services.foo = {
passwordFile = builtins.__writeArbitraryFile "/root/password-for-xy"
'top-secret-password'; # should return the path
}
This way it could be ensured that the files have the correct format -
and no passwords would be written to the store, right?
Does this make any sense?
It would be useful for creating mysql databases and the like.
Marc Weber
_______________________________________________
nix-dev mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-dev
