nix-bitcoin/modules/secrets/generate-secrets.nix

27 lines
634 B
Nix
Raw Normal View History

2019-11-27 05:04:32 -08:00
{ config, pkgs, lib, ... }:
# This is mainly for testing.
# When using this for regular deployments, make sure to create a backup of the
# generated secrets.
with lib;
{
nix-bitcoin.setup-secrets = true;
systemd.services.generate-secrets = {
requiredBy = [ "setup-secrets.service" ];
before = [ "setup-secrets.service" ];
serviceConfig = {
2020-02-26 11:37:46 -08:00
Type = "oneshot";
RemainAfterExit = true;
};
2019-11-27 05:04:32 -08:00
script = ''
mkdir -p "${config.nix-bitcoin.secretsDir}"
cd "${config.nix-bitcoin.secretsDir}"
2019-11-27 05:04:32 -08:00
chown root: .
chmod 0700 .
${config.nix-bitcoin.pkgs.generate-secrets}
2019-11-27 05:04:32 -08:00
'';
};
}