Re: [Nix-dev] NixOps - secret/credentials management

2016-05-12 Thread Tomasz Czyż
Rob: thank you! This might be what I'm looking for, I'll try that. 2016-05-12 15:45 GMT+01:00 Tomasz Czyż : > Igor posted some solution to have persistant keys few days back: > https://www.mail-archive.com/nix-dev@lists.science.uu.nl/msg18995.html > > Worth to adding to

Re: [Nix-dev] NixOps - secret/credentials management

2016-05-12 Thread Tomasz Czyż
Igor posted some solution to have persistant keys few days back: https://www.mail-archive.com/nix-dev@lists.science.uu.nl/msg18995.html Worth to adding to docs? 2016-05-12 15:31 GMT+01:00 Graham Christensen : > > > On Thu, May 12, 2016 at 4:43 AM, Rob Vermaas

Re: [Nix-dev] NixOps - secret/credentials management

2016-05-12 Thread Graham Christensen
On Thu, May 12, 2016 at 4:43 AM, Rob Vermaas wrote: > > Note > that this is a location on a tmpfs, so if you want to have it on a > persistent disk, you'll need to copy it to a location of your > choosing. > This seems like a good candidate note to have in the

Re: [Nix-dev] NixOps - secret/credentials management

2016-05-12 Thread Rob Vermaas
Hi Tomasz, > I wanted to deploy some secrets/certificates to machines and I'm not sure > how to do that. I would like to avoid storing those in nix store. Is there > any way to deploy secrets to machines and not use nix store? > > I know there is solution to deploy disk encryption keys which is

Re: [Nix-dev] NixOps - secret/credentials management

2016-05-12 Thread Oliver Charles
You're right! I didn't entirely think that one through, shouldn't reply to emails before my morning cup of coffee ;) Ollie On Thu, May 12, 2016 at 9:48 AM Peter Simons wrote: > Hi Oliver, > > > One option is to introduce these credentials as parameters to your > network

Re: [Nix-dev] NixOps - secret/credentials management

2016-05-12 Thread Peter Simons
Hi Oliver, > One option is to introduce these credentials as parameters to your network > evaluation: > > { secretCertificate }: > { > web = { ... } : ... > } > > Then you will need to set this parameter when you do deployments in order to > evaluate the network expression and perform

Re: [Nix-dev] NixOps - secret/credentials management

2016-05-12 Thread Oliver Charles
Hi Tomasz, One option is to introduce these credentials as parameters to your network evaluation: { secretCertificate }: { web = { ... } : ... } Then you will need to set this parameter when you do deployments in order to evaluate the network expression and perform deployments. You could

[Nix-dev] NixOps - secret/credentials management

2016-05-11 Thread Tomasz Czyż
Hi all NixOps users and devs. I wanted to deploy some secrets/certificates to machines and I'm not sure how to do that. I would like to avoid storing those in nix store. Is there any way to deploy secrets to machines and not use nix store? I know there is solution to deploy disk encryption keys