Hi Tomasz,

I'm definitely going to look into mkDefault as that sounds exactly like what I need ;-)
Thanks for the pointer!

Erik aka 4levels

On Tue, Jun 14, 2016 at 1:21 PM Tomasz Czyż <[email protected]> wrote:

> Hey Erik,
>
> oh ok, I see.
> Another way you could try, you can write a function to make a key
> description.
>
> let
>   make-my-key = {text, group}: {user="root"; text=text; group=group;
>     permissions="640";};
> in
>
>
> and then
>
> deployment.keys.my-key = make-my-key {group="nginx"; text="secret";};
>
> There is also "mkDefault" function in nix but I don't know how to apply
> this correctly in this case.
>
> 2016-06-14 11:28 GMT+01:00 4levels <[email protected]>:
>
>> Hi Tomasz,
>>
>> it is from that exact same link you posted that I was reading the
>> defaults.
>> Isn't there any better way to override these defaults? They are clearly
>> defined in the file you linked to.
>>
>> The approach as posted by Rob seems to work but requires that all keys
>> are stored in a single directory, which are then copied to the /run/keys
>> folder on the target machine.
>>
>> Since the deployment of these keys has its own procedure (other services
>> need to wait for the keys to be copied completely) I'm currently not sure
>> if doing it Rob's way will preserve this behavior.
>>
>> To be continued ;-)
>>
>> Erik
>>
>> On Tue, Jun 14, 2016 at 12:17 PM Tomasz Czyż <[email protected]>
>> wrote:
>>
>>> https://nixos.org/nixops/manual/#opt-deployment.keys._name_.user
>>>
>>> 2016-06-14 11:12 GMT+01:00 4levels <[email protected]>:
>>>
>>>> Hi Rob,
>>>>
>>>> thank you for your swift reply!
>>>> Does this mean I'm actually overriding the default keys behavior as
>>>> defined in https://github.com/NixOS/nixops/blob/master/nix/keys.nix ?
>>>> I was kind of hoping to be able to write something like
>>>>
>>>> deployment.keys.*.group = "keys";
>>>> deployment.keys.*.permissions = "0640";
>>>>
>>>> I'll give it a try and post back here.
>>>>
>>>> Kind regards,
>>>>
>>>> Erik
>>>>
>>>> On Tue, Jun 14, 2016 at 12:06 PM Rob Vermaas <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Erik,
>>>>>
>>>>> > Is there a way to define a default group and permissions for all keys
>>>>> > without me specifying this for each key individually?
>>>>> > I'm currently well over 200 keys per machine so adding the group and
>>>>> > permissions for each key is quite elaborate..
>>>>>
>>>>> You could do something like:
>>>>>
>>>>> deployment.keys =
>>>>>   let
>>>>>     keyDir = /path/to/dir/with/my/keys;
>>>>>     keys = builtins.attrNames (lib.filterAttrs (n: v: v == "regular") (builtins.readDir keyDir));
>>>>>   in with lib; listToAttrs (map (n: nameValuePair n {
>>>>>     text = builtins.readFile (keyDir + ("/" + n));
>>>>>     group = "keys";
>>>>>     permissions = "0640";
>>>>>   }) keys);
>>>>>
>>>>> This would upload all files in /path/to/dir/with/my/keys to the
>>>>> machine in /run/keys. Note I didn't test this, so it might have some
>>>>> typos, but hope the idea is clear. It's an adapted piece copied from
>>>>> something similar we are using.
>>>>>
>>>>> Cheers,
>>>>> --
>>>>> Rob Vermaas
>>>>>
>>>>> [email] [email protected]
>>>>>
>>>>
>>>> _______________________________________________
>>>> nix-dev mailing list
>>>> [email protected]
>>>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Tomasz Czyż
>>>
>>
>
>
> --
> Tomasz Czyż
>
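One way to get the per-key defaults asked about in this thread, combining the helper-function idea with mkDefault (an added example, not code from any of the posters or from NixOps itself). The names `keyDefaults` and `withDefaults`, the key names and the secret values are assumptions made for illustration; the group and permissions values are the ones mentioned in the thread.

```nix
# Added example: hypothetical NixOps machine module. Key names and secret
# values below are constructed placeholders.
{ lib, ... }:

let
  # Defaults applied to every key (group and permissions as in the thread).
  keyDefaults = {
    user = "root";
    group = "keys";
    permissions = "0640";
  };

  # Each default is wrapped in mkDefault, so a plain definition of the same
  # option in another module takes priority over it. Attributes written on
  # the key itself replace the default outright through `//`.
  withDefaults = lib.mapAttrs
    (_name: key: (lib.mapAttrs (_: lib.mkDefault) keyDefaults) // key);
in
{
  deployment.keys = withDefaults {
    # Gets user, group and permissions from keyDefaults.
    "db-password" = { text = "PLACEHOLDER-SECRET-1"; };

    # Per-key override: only this key is assigned to the nginx group.
    "nginx-tls-key" = { text = "PLACEHOLDER-SECRET-2"; group = "nginx"; };
  };
}
```

With 200+ keys this keeps ownership and mode in one place, so a key cannot silently fall back to a different group or permission set because one attribute was forgotten.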
