doc: mention keys group

Signed-off-by: Sumner Evans <me@sumnerevans.com>
This commit is contained in:
Sumner Evans 2023-04-28 14:16:52 -06:00
parent 089431737e
commit d83c6a40ed
GPG key ID: 8904527AB50022FD


@ -34,6 +34,15 @@ To upload your secrets without performing a full deployment, use `colmena upload
For each secret file deployed using `deployment.keys`, a systemd service with the name of `${name}-key.service` is created (`acme-credentials.secret-key.service` for the example above). For each secret file deployed using `deployment.keys`, a systemd service with the name of `${name}-key.service` is created (`acme-credentials.secret-key.service` for the example above).
This unit is only active when the corresponding file is present, allowing you to set up dependencies for services requiring secret files to function. This unit is only active when the corresponding file is present, allowing you to set up dependencies for services requiring secret files to function.
## Key Permissions
The `/run/keys` directory is owned by the `keys` group. If you are using a
systemd service running as a non-root user, you will likely need to add:
```
SupplementaryGroups = [ "keys" ];
```
to your service configuration.
## Flakes ## Flakes
If you are using flakes, Nix will copy the entire flake (everything tracked by git) into the Nix store during evaluation. If you are using flakes, Nix will copy the entire flake (everything tracked by git) into the Nix store during evaluation.
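Review bot: the new "Key Permissions" section shows `SupplementaryGroups = [ "keys" ];` in an untagged fence and without the attribute path it belongs to, so a reader does not know where to put it; suggest tagging the fence as `nix` and giving the full option, e.g. `systemd.services.<name>.serviceConfig.SupplementaryGroups = [ "keys" ];`. The section should also say what group membership actually buys: being in `keys` only lets the service traverse the group-owned `/run/keys` directory, while the key file's own owner and mode still decide whether the service user can read it, so a non-root service may additionally need the key deployed with matching ownership. Finally, "you will likely need to add" is vaguer than it needs to be; the requirement is definite for any non-root unit that reads from `/run/keys`.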