Re: [Nix-dev] Persistent NixOps keys

2016-06-29 Thread Domen Kožar
(IMO) a much simpler solution: http://lists.science.uu.nl/pipermail/nix-dev/2016-June/020690.html

On Mon, Jun 20, 2016 at 9:10 PM, Игорь Пашев wrote:
> 2016-06-20 14:51 GMT+03:00 4levels <4lev...@gmail.com>:
> > As I never change these keys (except by a nixops deploy or

Re: [Nix-dev] Persistent NixOps keys

2016-06-20 Thread Игорь Пашев
2016-06-20 14:51 GMT+03:00 4levels <4lev...@gmail.com>:
> As I never change these keys (except by a nixops deploy or nixops send-keys
> call), can I assume that the save-keys service doesn't need to run every
> single minute in this scenario?

You can remove /root/keys by accident. In our setups,

Re: [Nix-dev] Persistent NixOps keys

2016-06-20 Thread 4levels
Hi Игорь, thank you for clarifying this, I was already wondering what the sleep 1m was doing there in the while loop ;-) As I never change these keys (except by a nixops deploy or nixops send-keys call), can I assume that the save-keys service doesn't need to run every single minute in this

Re: [Nix-dev] Persistent NixOps keys

2016-06-20 Thread Игорь Пашев
2016-06-19 15:35 GMT+03:00 4levels <4lev...@gmail.com>:
> I was just wondering how this copes with server kills

The "save" service runs every minute to check if any keys are not saved :-) And it runs on every key addition / removal. So right after a fresh deploy you are almost safe.

Re: [Nix-dev] Persistent NixOps keys

2016-06-19 Thread 4levels
Hi Nix-devs, hi Tomasz, hi Игорь, I managed to get it working flawlessly by adding keys.target to the requires and after statements of my other service configs. I was just wondering how this copes with server kills (as Vultr periodically resets an instance when they experience system failures).

Re: [Nix-dev] Persistent NixOps keys

2016-06-17 Thread 4levels
Hi Tomasz,

Thanks for another great pointer! My own services do require the keys so I have to make them depend/require on keys.target. I'm about to test this out, I'll keep you posted here..

Kind regards,
Erik

On Fri, Jun 17, 2016, 11:47 Tomasz Czyż wrote:
> Erik, you

Re: [Nix-dev] Persistent NixOps keys

2016-06-17 Thread Tomasz Czyż
Erik, you also could add your load-keys service to network.target or any target which starts at the system start. So then you don't have to add it to specific apps, depends on your keys workflow.

2016-06-17 9:48 GMT+01:00 4levels <4lev...@gmail.com>:
> That's probably it!
>
> I still need to

Re: [Nix-dev] Persistent NixOps keys

2016-06-17 Thread 4levels
That's probably it!

I still need to update all service configs to have keys.target in the wantedBy list. I read somewhere that I should also use requiredBy for it to really wait until keys.target is finished..

Kind regards,
Erik

On Thu, Jun 16, 2016, 23:50 Игорь Пашев

Re: [Nix-dev] Persistent NixOps keys

2016-06-16 Thread Игорь Пашев
2016-06-14 17:17 GMT+03:00 4levels <4lev...@gmail.com>:
> wantedBy = [ "keys.target" ];

Maybe you don't have services depending on keys.target

___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Persistent NixOps keys

2016-06-14 Thread 4levels
Hi,

I tried this but somehow the nixops-load-keys service is not automatically started. I can see the service with systemctl status and when I restart it, it does as expected (copies the files from /run/keys to /root/keys). However, when I reboot the machine, the nixops-load-keys service doesn't

Re: [Nix-dev] Persistent NixOps keys

2016-05-09 Thread Игорь Пашев
2016-05-09 13:49 GMT+03:00 Tomasz Czyż:
> I'm not sure I understand this correctly. Do you want to put keys into the
> initrd?

No, I keep them under /root/keys. The save service polls /run/keys for updates.

Re: [Nix-dev] Persistent NixOps keys

2016-05-09 Thread Tomasz Czyż
I'm not sure I understand this correctly. Do you want to put keys into the initrd?

2016-05-08 20:54 GMT+01:00 Игорь Пашев:
> Simple way to keep the keys on reboot.
> /run/keys is mounted somewhere in initrd,
> thus just a couple of services
> (I was thinking about on-disk

[Nix-dev] Persistent NixOps keys

2016-05-08 Thread Игорь Пашев
Simple way to keep the keys on reboot.
/run/keys is mounted somewhere in initrd,
thus just a couple of services
(I was thinking about on-disk /run/keys)

{ config, lib, pkgs, ... }:

let

  inherit (builtins) attrNames;
  inherit (lib) mkIf concatMapStringsSep;
  inherit (config.deployment) keys;