Hi, I tried this but somehow the nixops-load-keys service is not automatically started. I can see the service with systemctl status and when I restart it, it does as expected (copies the files from /run/keys to /root/keys). However, when I reboot the machine, the nixops-load-keys service doesn't seem to do this automatically. Only after running systemctl restart nixops-load-keys does it copy the files back to /run/store. When I delete /root/keys/* and do a reboot, the keys aren't copied either. There must be something wrong with my before and after statements, I guess, since both services do work when started manually. I'm probably overlooking something obvious here.

I modified your script a little as follows:

let
  ....
  keyStore = "/root/keys";   # persistent copy, survives reboots
  keyRun = "/run/keys";      # where nixops uploads the keys

  keyLoad = pkgs.writeScript "nixops-load-keys" ''
    #!${pkgs.bash}/bin/bash
    set -euo pipefail
    # Restore only when a saved set exists and the run directory has none yet.
    if [ -e '${keyStore}/done' ] && [ ! -e '${keyRun}/done' ]; then
      cd '${keyStore}'
      cp -pf -- ${lib.concatMapStringsSep " " (k: "'${k}'") (builtins.attrNames config.deployment.keys)} \
        '${keyRun}/' || exit 0
      touch -r '${keyStore}/done' '${keyRun}/done'
    fi
  '';

  keySave = pkgs.writeScript "nixops-save-keys" ''
    #!${pkgs.bash}/bin/bash
    set -euo pipefail
    # Poll once a minute and re-save when the run directory has a newer marker.
    while true; do
      if [ -e '${keyRun}/done' ]; then
        if [ ! -e '${keyStore}/done' ] || [ '${keyRun}/done' -nt '${keyStore}/done' ] ; then
          rm -rf '${keyStore}'
          mkdir -p '${keyStore}'
          # Give the saved directory the same owner and mode as the run directory.
          chown --reference='${keyRun}' -- '${keyStore}'
          chmod --reference='${keyRun}' -- '${keyStore}'
          cd '${keyRun}'
          cp -pf -- ${concatMapStringsSep " " (k: "'${k}'") (attrNames config.deployment.keys)} \
            '${keyStore}/' || continue
          touch -r '${keyRun}/done' '${keyStore}/done'
          touch -r '${keyRun}' '${keyStore}'
        fi
      fi
      sleep 1m
    done
  '';
  ....
in
  ....
  systemd.services.nixops-load-keys = {
    description = "Re-load nixops keys after reboot";
    before = [ "nixops-keys.service" ];
    wantedBy = [ "keys.target" ];
    unitConfig.RequiresMountsFor = [ keyRun keyStore ];
    serviceConfig = {
      ExecStart = keyLoad;
      Type = "oneshot";
      RemainAfterExit = false;
    };
  };

  systemd.services.nixops-save-keys = {
    description = "Save nixops keys to re-load after reboot";
    after = [ "keys.target" ];
    wantedBy = [ "keys.target" ];
    serviceConfig = {
      ExecStart = keySave;
      Restart = "always";
    };
  };
  ....

Kind regards,
Erik

On Mon, May 9, 2016 at 7:51 PM Игорь Пашев <pashev.i...@gmail.com> wrote:
> 2016-05-09 13:49 GMT+03:00 Tomasz Czyż <tomasz.c...@gmail.com>:
> > I'm not sure I understand this correctly. Do you want to put keys into the
> > initrd?
>
> No, I keep them under /root/keys. The save service polls /run/keys for
> updates.
> _______________________________________________
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
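
The setup in this message keeps a second copy of the deployment keys on persistent disk under /root/keys, so it is worth checking that the saved copy has not become more permissive than the one in /run/keys. The following is an added example, not part of the original message or of NixOps; the function name and the output labels are made up here, and it assumes GNU stat.

```bash
# Hypothetical helper: audit the persisted key copy against the live one.
# Usage: audit_key_store RUN_DIR STORE_DIR
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_key_store() {
  local run_dir=$1 store_dir=$2 rc=0 f name meta
  meta='%u:%g:%a'    # owner uid, group gid, octal mode

  # The save script applies chown/chmod --reference to the store directory,
  # so both directories should report the same owner and mode.
  if [ -d "$run_dir" ] && [ -d "$store_dir" ] &&
     [ "$(stat -c "$meta" -- "$run_dir")" != "$(stat -c "$meta" -- "$store_dir")" ]; then
    echo "DIR-DRIFT $store_dir"; rc=1
  fi

  for f in "$store_dir"/*; do
    [ -f "$f" ] || continue
    name=${f##*/}
    [ "$name" = done ] && continue    # marker file, not a secret

    # A secret on persistent storage with any "other" permission bit set.
    if [ $(( 0$(stat -c '%a' -- "$f") & 07 )) -ne 0 ]; then
      echo "WORLD-ACCESS $name"; rc=1
    fi

    # cp -p should have preserved owner and mode of the live copy.
    # After a reboot the live copy may be absent; then only the check above applies.
    if [ -f "$run_dir/$name" ] &&
       [ "$(stat -c "$meta" -- "$f")" != "$(stat -c "$meta" -- "$run_dir/$name")" ]; then
      echo "FILE-DRIFT $name"; rc=1
    fi
  done
  return "$rc"
}
```

On a machine configured as above it would be called as `audit_key_store /run/keys /root/keys`.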