[Nix-dev] Including SSL certificates with NixOS configuration
Wilhelm Schuster
ws at wilhelm.re
Tue Sep 13 20:12:37 CEST 2016
> On Sep 13, 2016, at 00:18, Tomasz Czyż <tomasz.czyz at gmail.com> wrote:
> all files written by nix (or maybe almost all) end up in /nix/store and are world-readable, not the best way to keep secrets.
Oops, that doesn’t sound like a great idea.
> You have to deploy secrets manually or you could use NixOps (and deployment.keys) to deploy server with NixOS and deploy keys/secrets.
Thanks for the suggestion. Sorry, I’m new to NixOps. Can I use it to deploy onto an already existing NixOS instance? I’m using a dedicated server and don’t want to run anything “on the cloud” or inside a virtual machine. (I’m planning to run NixOS as a container host.)
Cheers, Wilhelm Schuster.
More information about the nix-dev
mailing list