fi
'';
};
- deployment.keys."secrets.tar" = {
+ system.extraDependencies = [ secrets ];
+ deployment.secrets."secrets.tar" = {
+ source = "${secrets}";
+ destination = "/run/keys/secrets.tar";
+ owner.user = "root";
+ owner.group = "root";
permissions = "0400";
- # keyFile below is not evaluated at build time by nixops, so the
- # `secrets` path doesn’t necessarily exist when uploading the
- # keys, and nixops is unhappy.
- user = "root${builtins.substring 10000 1 secrets}";
- group = "root";
- keyFile = "${secrets}";
};
};
}