#nixos-systemd on 2020-11-02

00:10 {`-`} has joined #nixos-systemd

06:44 <Mic92> What sucks a bit is that all our nixos options expect absolute paths to secrets and systemd introduces now $CREDENTIAL_PATH which is dynamic

10:27 nix-build has joined #nixos-systemd

10:27 {^_^} has quit [Remote host closed the connection]

14:23 andi- has quit [Remote host closed the connection]

14:26 andi- has joined #nixos-systemd

15:49 nix-build has quit [Remote host closed the connection]

15:49 {^_^} has joined #nixos-systemd

19:59 <flokli> Mic92: you mean $CREDENTIALS_DIRECTORY, do you?

20:00 <flokli> and that's a downstream *env var* exposed to services to pick up secrets, pointing to a subdir of /run/credentials

20:01 <flokli> LoadCredential= points to places where systemd should read these from, which can be anywhere

20:02 <flokli> this could point to /run/secrets, /var/lib/secrets or wherever

20:03 <flokli> (wherever could be the location your sops decryption code puts decrypted secrets)

20:03 <flokli> but maybe I misunderstand what you were saying

20:32 V is now known as ^

20:40 ^ is now known as V