Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixops
  Commit: 51cafce31ea356940f2bb810335ea61e7351470e
      
https://github.com/NixOS/nixops/commit/51cafce31ea356940f2bb810335ea61e7351470e
  Author: aszlig <[email protected]>
  Date:   2014-06-24 (Tue, 24 Jun 2014)

  Changed paths:
    M nix/keys.nix
    M nixops/backends/__init__.py

  Log Message:
  -----------
  Allow users in group "keys" to access /run/keys.

This makes it at least possible to access the keys directory if a
particular service is in the keys group, which has been introduced by
NixOS/nixpkgs@4ab5646417e3cc606281f71027c12ddced8b65b4.

However, to let specific users access a particular key, you still need
to work around it by adding an additional systemd service that sets the
right permissions. But at least with this we should have some
consistency with what is actually done in <nixpkgs>.

Signed-off-by: aszlig <[email protected]>


  Commit: 3adc3597571f0906ca0902c33775e22590236b0e
      
https://github.com/NixOS/nixops/commit/3adc3597571f0906ca0902c33775e22590236b0e
  Author: aszlig <[email protected]>
  Date:   2014-06-24 (Tue, 24 Jun 2014)

  Changed paths:
    M nix/keys.nix
    M nixops/backends/__init__.py

  Log Message:
  -----------
  Turn "keys" option into an attrset of attrsets.

This now provides options for each key and also converts old style
string-only keys into the new format while emitting a warning.

At the moment only the "text" option is actually supported.

For applying the keys for string-values the permissions attribute is set
to "0600" instead of the default value "0640" in keyOptionsType in order
to correctly replicate the old behaviour even when we implement
permissions and ownership.

Signed-off-by: aszlig <[email protected]>


  Commit: 1a3b226231d85e4fe3dc55d071e8f42dc74fded3
      
https://github.com/NixOS/nixops/commit/1a3b226231d85e4fe3dc55d071e8f42dc74fded3
  Author: aszlig <[email protected]>
  Date:   2014-06-24 (Tue, 24 Jun 2014)

  Changed paths:
    M nixops/backends/__init__.py

  Log Message:
  -----------
  MachineState: Implement permissions for keys.

This however only implements setting permissions if "storeKeysOnMachine" is
set to false right now, because if the value is set to true the keys are
symlinked from the store and we actually have to find a way to control
permissions on it, which for the store is only possible if NixOS/nix#8 is
implemented.

Also, this ensures that the key filename is properly escaped.

Signed-off-by: aszlig <[email protected]>


  Commit: ed2ba39a0cdd999e87e6d90f3954ed1959f07cff
      
https://github.com/NixOS/nixops/commit/ed2ba39a0cdd999e87e6d90f3954ed1959f07cff
  Author: aszlig <[email protected]>
  Date:   2014-06-24 (Tue, 24 Jun 2014)

  Changed paths:
    M nix/keys.nix

  Log Message:
  -----------
  nix/keys: Fix keyOptionsType submodule type.

First, forgot about specifying options.* and even if it would be there,
the option values wouldn't be merged because keyType was not properly
inheriting the merge function from keyOptionsType.

Signed-off-by: aszlig <[email protected]>


  Commit: b4dfa057190f805c75cca6bc0dc8aa2775e581b7
      
https://github.com/NixOS/nixops/commit/b4dfa057190f805c75cca6bc0dc8aa2775e581b7
  Author: aszlig <[email protected]>
  Date:   2014-06-24 (Tue, 24 Jun 2014)

  Changed paths:
    M nix/keys.nix

  Log Message:
  -----------
  nix/keys: Use 0600 as the default permissions.

Only using this for legacy options could introduce unexpected behaviour
when switching to the new configuration if the user just appends a .text
to its configuration values and could possibly lead to services that
refuse to work, especially when it comes to OpenSSH.

Signed-off-by: aszlig <[email protected]>


  Commit: 3b16f5dfad6fbc72be88c18d2442828928fd12c0
      
https://github.com/NixOS/nixops/commit/3b16f5dfad6fbc72be88c18d2442828928fd12c0
  Author: aszlig <[email protected]>
  Date:   2014-06-24 (Tue, 24 Jun 2014)

  Changed paths:
    M nix/keys.nix

  Log Message:
  -----------
  nix/keys: Fix eval if storeKeysOnMachine is true.

This currently only fixes evaluation but actually doesn't apply the
correct permissions on the key files because they're just links to world
readable files in the Nix store.

Signed-off-by: aszlig <[email protected]>


  Commit: fb1307bb6eeff388c5d6713b9db438ac4ca53e43
      
https://github.com/NixOS/nixops/commit/fb1307bb6eeff388c5d6713b9db438ac4ca53e43
  Author: aszlig <[email protected]>
  Date:   2014-06-24 (Tue, 24 Jun 2014)

  Changed paths:
    M nix/keys.nix

  Log Message:
  -----------
  nix/keys: Fix description of storeKeysOnMachine.

As storeKeysOnMachine no longer is true by default (7ae4b27), we
shouldn't say so in the description. Especially because the default
value is already shown in the generated manual along with the
description.

Signed-off-by: aszlig <[email protected]>


  Commit: f250e19cbaea7d6666271721c4cfe4f5e129bef8
      
https://github.com/NixOS/nixops/commit/f250e19cbaea7d6666271721c4cfe4f5e129bef8
  Author: aszlig <[email protected]>
  Date:   2014-07-04 (Fri, 04 Jul 2014)

  Changed paths:
    M nix/keys.nix

  Log Message:
  -----------
  nix/keys: Add a warning for storeKeysOnMachine.

This warning should be annoying enough so people will eventually set it
to false in case they ever used it. Especially if we want to set key
permissions, setting this option is pointless anyway because keys in
/run/keys are just symlinks to the world-readable store paths.

Signed-off-by: aszlig <[email protected]>


  Commit: 8b3c27b470aecbb3a0c439de3172faa0ccde8584
      
https://github.com/NixOS/nixops/commit/8b3c27b470aecbb3a0c439de3172faa0ccde8584
  Author: aszlig <[email protected]>
  Date:   2014-07-04 (Fri, 04 Jul 2014)

  Changed paths:
    M nix/keys.nix

  Log Message:
  -----------
  nix/keys: Correctly merge/convert deployment.keys.

So far we only used the apply function in order to convert keys as
string values into the new format. But if you have several keys defined,
mixing old and new format, the evaluation will fail because the apply
function is only evaluated once everything is merged.

So, we now use the same function we're using for apply to merge the
consecutive option values.

Signed-off-by: aszlig <[email protected]>


  Commit: da140d85c05a3ea5e1f5f1ad6e314cf0fe6ae504
      
https://github.com/NixOS/nixops/commit/da140d85c05a3ea5e1f5f1ad6e314cf0fe6ae504
  Author: Rob Vermaas <[email protected]>
  Date:   2014-07-04 (Fri, 04 Jul 2014)

  Changed paths:
    M nix/keys.nix
    M nixops/backends/__init__.py

  Log Message:
  -----------
  Merge pull request #206 from aszlig/keys-permissions

Improve setting permissions on /run/keys.


Compare: https://github.com/NixOS/nixops/compare/1786c2494186...da140d85c05a
_______________________________________________
nix-commits mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-commits
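
The commit messages above turn on two properties of a deployed key: its mode bits (0600 versus 0640) and whether it is a real file or a symlink into a world-readable store path. The following is an added example, not code from nixops or from this commit series: a small audit that reports both conditions for a directory of keys. The names audit_keys_dir and demo are hypothetical, and the directories it inspects are constructed temporary ones standing in for /run/keys and the Nix store.

```python
import os
import stat
import tempfile


def audit_keys_dir(keys_dir, max_mode=0o600):
    """Return sorted (name, problem) findings for entries in keys_dir."""
    findings = []
    for name in sorted(os.listdir(keys_dir)):
        path = os.path.join(keys_dir, name)
        st = os.lstat(path)  # lstat: inspect the entry itself, not its target
        if stat.S_ISLNK(st.st_mode):
            # A symlink's own mode is irrelevant; access is decided by the target.
            try:
                target_mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError:
                findings.append((name, "dangling symlink"))
                continue
            if target_mode & stat.S_IROTH:
                findings.append((name, "symlink to world-readable file"))
            continue
        if not stat.S_ISREG(st.st_mode):
            continue  # only regular files are treated as keys here
        mode = stat.S_IMODE(st.st_mode)
        if mode & ~max_mode:  # any bit set beyond the allowed mask
            findings.append((name, "mode %04o exceeds %04o" % (mode, max_mode)))
    return findings


def _write(path, mode):
    with open(path, "w") as handle:
        handle.write("constructed sample secret\n")
    os.chmod(path, mode)  # explicit chmod so the umask does not matter


def demo(max_mode=0o600):
    """Audit a constructed layout: two real key files and one store symlink."""
    with tempfile.TemporaryDirectory() as tmp:
        keys = os.path.join(tmp, "keys")    # stands in for /run/keys
        store = os.path.join(tmp, "store")  # stands in for the Nix store
        os.mkdir(keys)
        os.mkdir(store)
        _write(os.path.join(keys, "good.key"), 0o600)
        _write(os.path.join(keys, "group.key"), 0o640)
        _write(os.path.join(store, "secret"), 0o444)
        os.symlink(os.path.join(store, "secret"), os.path.join(keys, "linked.key"))
        return audit_keys_dir(keys, max_mode)


if __name__ == "__main__":
    for name, problem in demo():
        print(name, "->", problem)
```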
