[Nix-dev] Setting default group & permissions on deployment.keys
4levels
4levels at gmail.com
Tue Jun 14 12:12:41 CEST 2016
Hi Rob,
thank you for your swift reply!
Does this mean I'm actually overriding the default keys behavior as defined
in https://github.com/NixOS/nixops/blob/master/nix/keys.nix ?
I was kind of hoping to be able to write something like
deployment.keys.*.group = "keys";
deployment.keys.*.permissions = "0640";
I'll give it a try and post back here.
Kind regards,
Erik
On Tue, Jun 14, 2016 at 12:06 PM Rob Vermaas <rob.vermaas at gmail.com> wrote:
> Hi Erik,
>
> > Is there a way to define a default group and permissions for all keys
> > without me specifying this for each key individually?
> > I'm currently well over 200 keys per machine so adding the group and
> > permissions for each key is quite elaborate..
>
> You could do somthing like:
>
> deployment.keys =
> let
> keyDir = /path/to/dir/with/my/keys;
> keys = builtins.attrNames (lib.filterAttrs (n: v: v ==
> "regular" ) (builtins.readDir keyDir));
> in with lib; listToAttrs (map (n: nameValuePair n { text =
> builtins.readFile (keyDir + ("/" + n)); group = "keys"; permissions =
> "0640"; }) keys);
>
> This would upload all files in /path/to/dir/with/my/keys to the
> machine in /run/keys. Note I didn't test this, so it might have some
> typos, biut hope the idea is clear. It's an adapted piece copied from
> something similar we are using.
>
> Cheers,
> --
> Rob Vermaas
>
> [email] rob.vermaas at gmail.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160614/a7e9efe2/attachment.html>
More information about the nix-dev
mailing list