add generate-secrets.service

Erik Arvstedt 2019-11-27 14:04:32 +01:00
parent 6447694214
commit b90bf6691b
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
1 changed files with 29 additions and 0 deletions


@ -0,0 +1,29 @@
{ config, pkgs, lib, ... }:
# This is mainly for testing.
# When using this for regular deployments, make sure to create a backup of the
# generated secrets.
with lib;
let
secretsDir = "/secrets/"; # TODO: make this an option
in
{
nix-bitcoin.setup-secrets = true;
systemd.services.generate-secrets = {
requiredBy = [ "setup-secrets.service" ];
before = [ "setup-secrets.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
} // config.nix-bitcoin-services.defaultHardening;
script = ''
mkdir -p "${secretsDir}"
cd "${secretsDir}"
chown root: .
chmod 0700 .
${pkgs.nix-bitcoin.generate-secrets}
'';
};
}
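Review bot: The `script` never sets a umask, so the files written by `${pkgs.nix-bitcoin.generate-secrets}` get the service's default mode and are protected only by the `chmod 0700 .` on the parent directory. If setup-secrets.service (not visible here) later relaxes the directory mode so that service users can reach their own secrets, any file it has not yet re-moded would presumably become readable by other local users. I would add `umask 077` as the first line of the script, or set `UMask = "0077";` in `serviceConfig`; because `//` lets the right-hand `defaultHardening` set win, confirm that it does not override that key. It is also worth checking that `defaultHardening` does not make `/secrets/` read-only for this unit, in which case `mkdir -p "${secretsDir}"` would fail and the unit would need `ReadWritePaths = [ secretsDir ];`.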