author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-06-01 00:01:46 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-06-01 00:01:46 +0200 |
commit | 17f6eae9907a122d4472da727ae8b1ac1c40c027 (patch) | |
tree | 133ab8877a47ec707cb8c96e561a29e45395fce6 /modules/secrets.nix | |
parent | f33aade75160a345a721fd60451b9edaa4d10e44 (diff) | |
Add a filesWatcher service to restart them when secrets change
Diffstat (limited to 'modules/secrets.nix')
-rw-r--r-- | modules/secrets.nix | 14 |
1 files changed, 9 insertions, 5 deletions
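--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -39,11 +39,15 @@
 if [ -f /run/keys/secrets.tar ]; then
 if [ ! -f ${location}/currentSecrets ] || ! sha512sum -c --status "${location}/currentSecrets"; then
 echo "rebuilding secrets"
-rm -rf ${location}
-install -m0750 -o root -g keys -d ${location}
-${pkgs.gnutar}/bin/tar --strip-components 1 -C ${location} -xf /run/keys/secrets.tar
-sha512sum /run/keys/secrets.tar > ${location}/currentSecrets
-find ${location} -type d -exec chown root:keys {} \; -exec chmod o-rx {} \;
+TMP=$(${pkgs.coreutils}/bin/mktemp -d)
+if [ -n "$TMP" ]; then
+install -m0750 -o root -g keys -d $TMP
+${pkgs.gnutar}/bin/tar --strip-components 1 -C $TMP -xf /run/keys/secrets.tar
+sha512sum /run/keys/secrets.tar > $TMP/currentSecrets
+find $TMP -type d -exec chown root:keys {} \; -exec chmod o-rx {} \;
+${pkgs.rsync}/bin/rsync -O -c -av --delete $TMP/ ${location}
+rm -rf $TMP
+fi
 fi
 fi
 '';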
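Review bot: Nothing on the new side checks that tar succeeded before the staged tree is published. If extracting /run/keys/secrets.tar fails partway, the next lines still write `$TMP/currentSecrets` and run `rsync ... --delete $TMP/ ${location}`, which would delete existing secrets and record a checksum that makes later runs skip the rebuild. The enclosing script starts and ends outside the hunk, so if it runs under `set -e` the failure would instead abort before `rm -rf $TMP` and leave extracted secrets behind in the temp directory. Gating the publish steps with `if ${pkgs.gnutar}/bin/tar --strip-components 1 -C "$TMP" -xf /run/keys/secrets.tar; then ... fi`, with `rm -rf "$TMP"` kept outside that condition, covers both cases; the `$TMP` expansions should be quoted as `"$TMP"` throughout. It is also worth confirming that the directory `mktemp -d` picks is memory-backed, since the cleartext secrets now sit there briefly, and that `-v` on rsync is wanted, because it prints the secret file names to the script's output.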