{`-`} has joined #nixos-systemd
<Mic92> What sucks a bit is that all our nixos options expect absolute paths to secrets and systemd introduces now $CREDENTIAL_PATH which is dynamic
nix-build has joined #nixos-systemd
{^_^} has quit [Remote host closed the connection]
andi- has quit [Remote host closed the connection]
andi- has joined #nixos-systemd
nix-build has quit [Remote host closed the connection]
{^_^} has joined #nixos-systemd
<flokli> Mic92: you mean $CREDENTIALS_DIRECTORY, do you?
<flokli> and that's a downstream *env var* exposed to services to pick up secrets, pointing to a subdir of /run/credentials
<flokli> LoadCredential= points to places where systemd should read these from, which can be anywhere
<flokli> this could point to /run/secrets, /var/lib/secrets or wherever
<flokli> (wherever could be the location your sops decryption code puts decrypted secrets)
<flokli> but maybe I misunderstand what you were saying
V is now known as ^
^ is now known as V