Sent as https://github.com/NixOS/nixpkgs/pull/12219.
Thanks all for help!
/Mateusz.

On Thu, Jan 7, 2016 at 1:21 PM, Mateusz Czaplinski <[email protected]> wrote:

> The `mode = "0400"` approach seems to work indeed, thanks! And just as you
> advised, the secret is then world-readable in /nix/store/*-etc/... and in
> /etc/nixos/configuration.nix anyway. I see the same issue was discussed in
> the aforementioned #12015
> (https://github.com/NixOS/nixpkgs/pull/12015#discussion-diff-48864628),
> but it was apparently stepped over and accepted for the time being.
> Personally, I'm inclined to add some comment / "SECURITY WARNING" to both
> the manual and the option description in my forthcoming PR. That said, I'm
> sure interested in how /etc/shadow works if it could possibly be helpful
> here.
>
> As to other aspects, currently I'm reusing the
> "networking.wireless.networks" property from #12015 to build the simple
> WiFi config for network-manager. Is that a good way to go (+ modifying the
> comments in the config & manual to account for nm), or should I create a
> parallel option definition in e.g.
> "networking.networkmanager.wirelessNetworks" instead? Or should I go on and
> send the PR when ready and move that part of the discussion there?
>
> Thanks,
> /Mateusz.
>
> On Thu, Jan 7, 2016 at 12:45 PM, Tomasz Czyż <[email protected]> wrote:
>
>> So, how /etc/shadow file works? I did a quick look and seems it's
>> generated by some perl scripts (probably omitting nix store), is that
>> correct? Maybe the same way could be used here.
>>
>> 2016-01-06 15:03 GMT+00:00 Fabian Schmitthenner <[email protected]>:
>>
>>> I think you can use
>>>
>>>     environment.etc."NetworkManager/system-connections/some-file" = {
>>>       text = "Text of file";
>>>       mode = "0400";
>>>     };
>>>
>>> This will copy the file into /etc with appropriate mode at activation
>>> time. See also http://nixos.org/nixos/options.html and search for
>>> environment.etc for further options.
>>>
>>> (Of course other users can still read the original file in the nix store,
>>> so the contents would still be reachable for all users).
>>>
>>> Greetings
>>>
>>> Fabian
>>>
>>> On 01/06/2016 02:26 PM, Vladimír Čunát wrote:
>>> > On 01/06/2016 12:52 AM, Mateusz Czaplinski wrote:
>>> >> NetworkManager expects to have network definitions as chmod 400 files in
>>> >> /etc/NetworkManager/system-connections/ IIRC.
>>> >
>>> > Files in nix store can't be chmod 400.
>>> >
>>> > --Vladimir
>>
>> --
>> Tomasz Czyż
_______________________________________________
nix-dev mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-dev
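
An added example, not part of the thread or of nixpkgs: a shell check for the caveat raised above, that a file installed with `mode = "0400"` still has a byte-identical, world-readable original in the store. The function names, the `make_sample` tree with its `abc-etc` store path, and the PSK value are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: does a mode-0400 secret also exist as a world-readable file
# under a store directory? Paths are arguments; sample data is constructed.

# Octal permission bits of a file (GNU stat, with a BSD fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# world_readable_copies SECRET STORE_DIR
# Prints each regular file under STORE_DIR that "other" may read and whose
# bytes are identical to SECRET.
world_readable_copies() {
    find "$2" -type f -perm -004 -exec cmp -s "$1" {} \; -print
}

# audit_secret SECRET STORE_DIR
# Returns 0 when no world-readable copy exists, 1 otherwise.
audit_secret() {
    mode=$(file_mode "$1")
    copies=$(world_readable_copies "$1" "$2")
    if [ -n "$copies" ]; then
        printf 'EXPOSED %s (mode %s), same bytes readable at:\n%s\n' \
            "$1" "$mode" "$copies"
        return 1
    fi
    printf 'OK %s (mode %s), no world-readable copy found\n' "$1" "$mode"
}

# Constructed sample: a stand-in store holding the generated file (0444) and
# the copy placed in etc/ with mode 0400. "abc-etc" and the PSK are made up.
make_sample() {
    root=$(mktemp -d)
    dir=$root/store/abc-etc/etc/NetworkManager/system-connections
    mkdir -p "$dir" "$root/etc"
    printf '[wifi-security]\npsk=constructed-example-psk\n' > "$dir/some-file"
    chmod 0444 "$dir/some-file"
    cp "$dir/some-file" "$root/etc/some-file"
    chmod 0400 "$root/etc/some-file"
    printf '%s\n' "$root"
}

sample=$(make_sample)
audit_secret "$sample/etc/some-file" "$sample/store" || true
rm -rf "$sample"
```

On a real system, pass the specific `/nix/store/*-etc` path as the second argument rather than the whole store to keep the scan short.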
