doc: mention keys group

Signed-off-by: Sumner Evans <me@sumnerevans.com>
This commit is contained in:
Sumner Evans 2023-04-28 14:16:52 -06:00
parent 089431737e
commit d83c6a40ed
No known key found for this signature in database
GPG key ID: 8904527AB50022FD

@ -34,6 +34,15 @@ To upload your secrets without performing a full deployment, use `colmena upload
For each secret file deployed using `deployment.keys`, a systemd service with the name of `${name}-key.service` is created (`acme-credentials.secret-key.service` for the example above).
This unit is only active when the corresponding file is present, allowing you to set up dependencies for services requiring secret files to function.
## Key Permissions
The `/run/keys` directory is owned by the `keys` group. If you are using a
systemd service running as a non-root user, you will likely need to add:
```
SupplementaryGroups = [ "keys" ];
```
to your service configuration.
## Flakes
If you are using flakes, Nix will copy the entire flake (everything tracked by git) into the Nix store during evaluation.
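Review bot: in the new "Key Permissions" section, `SupplementaryGroups = [ "keys" ];` is a bare attribute and "your service configuration" is ambiguous between a NixOS module and a raw unit file (where the native systemd syntax would be `SupplementaryGroups=keys`); state the full path for the NixOS case, e.g. `systemd.services.<name>.serviceConfig.SupplementaryGroups = [ "keys" ];`, with `<name>` standing for the reader's unit. The fence should also be tagged as ```nix so the Nix syntax is highlighted. Since the text says the whole `/run/keys` directory is owned by the `keys` group, it is worth adding one sentence that this is a directory-wide grant (membership applies to every key deployed there, not only the one the service needs), so readers weigh it against the service's actual need before adding it.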