[Nix-dev] NixOps - merge config files
Kevin Cox
kevincox at kevincox.ca
Thu Jun 9 16:30:42 CEST 2016
On 09/06/16 10:21, 4levels wrote:
> Hi Nix Devs,
>
> I've tried using the deployment.keys but that seems to be only there for
> user accounts and not for custom configurations. As I need multiple
> keys for each platform (eg. symfony, wordpress - cipher, key, database
> password, admin user password etc etc) it seems that deployment.keys
> will not work for this purpose.
>
I don't know what you mean by "only there for user accounts". I use
deployment.keys for most of the things you describe and it works fine.
> I'm now resorting to using builtins.readFile and creating separate files
> for the passwords in a folder I can then encrypt with git-crypt.
> This way I'm also able to use conflicting nix characters in the
> passwords as well.
This seems like a different issue. Are you talking about keeping the
keys private in the configuration or on the server (or both)?
Although for keeping the keys private in the config I use git-crypt as
well. I have a directory called "secrets" that I store the files in.
Some I keep as text files and read using `builtins.readFile` and some I
leave as nix expressions and simply import them.
>
> As a last question here I was wondering if there's a way to strip
> trailing newlines when reading files with builtins.readFile as my IDE
> keeps adding a newline at the end of each file when saving. I'll post a
> new message here for this request as this is not relevant in this topic
>
Text files have newlines at the end 😉
You can use lib.removeSuffix to drop that newline if it's a problem.
Hope that helps, Kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 213 bytes
Desc: OpenPGP digital signature
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160609/9fbff639/attachment.sig>
More information about the nix-dev
mailing list