snix/ops
Vincent Ambo b8267c261c fix(ops/irccat): Avoid permissions issue with LoadCredentials=
The DynamicUser + Group configuration does not work as planned, thus
the systemd LoadCredentials feature is used instead which makes the
file (which itself is only readable by root) available in a
memory-backed location only readable by the service.

The secret is only available to `ExecStart` commands, so units using
this feature can not be used with pre/post units and the like if those
commands need secrets.

To accommodate this, the merge of configuration files has been moved
into the service launch script, which is now the ExecStart= process.

For details take a look at https://www.freedesktop.org/software/systemd/man/systemd.exec.html#LoadCredential=ID:PATH

Change-Id: I693fe5677cc0d63c7aa485c2c7472457c5262166
2021-12-10 15:09:09 +00:00
..
besadii chore(besadii): Improve error messages on parse failure 2021-12-07 18:27:44 +00:00
deploy-whitby fix(deploy-whitby): Add jq to script $PATH 2021-09-11 14:33:42 +00:00
dns refactor(readTree): Move 'drvTargets' into readTree 2021-11-23 14:42:08 +00:00
gerrit-tvl feat(gerrit-tvl): add Buildkite-backed Checks plugin implementation 2021-04-07 11:19:04 +00:00
journaldriver refactor(ops): Consistent use of depot.third_party vs. pkgs 2021-04-10 12:09:20 +00:00
kontemplate docs(kontemplate): Remove mention of kontemplate website 2021-09-18 12:35:47 +00:00
machines fix(ops/irccat): Avoid permissions issue with LoadCredentials= 2021-12-10 15:09:09 +00:00
modules fix(ops/irccat): Avoid permissions issue with LoadCredentials= 2021-12-10 15:09:09 +00:00
mq_cli chore: Rename pkgs->depot in all Nix file headers 2020-02-21 13:54:53 +00:00
pipelines fix(ops/pipelines): Move to static pipeline 2021-12-10 11:01:21 +03:00
posix_mq.rs chore: Rename pkgs->depot in all Nix file headers 2020-02-21 13:54:53 +00:00
secrets chore(ops/secrets): Reencrypt with grfn's key included 2021-12-10 17:52:08 +03:00
users chore(ops/users): Rotate password for grfn 2021-12-10 09:45:17 -05:00
nixos.nix refactor(ops/nixos): Pass depot as a special argument 2021-05-24 21:48:37 +00:00