servers/mermet/keys.nix

   1 { pkgs, lib, config, ... }:
   2 let
   3   inherit (builtins) readFile;
   4   inherit (builtins.extraBuiltins) pass;
   5 in
   6 {
   7 deployment.keys = {
   8   /*
   9   "sourcephile.fr.key.pem" = {
  10     text        = pass "x509/sourcephile.fr/key.pem";
  11     user        = "root";
  12     group       = "root";
  13     destDir     = "/run/keys/";
  14     permissions = "0400"; # WARNING: not enforced when deployment.storeKeysOnMachine = true
  15   };
  16   "autogeree.net.key.pem" = {
  17     text        = pass "x509/autogeree.net/key.pem";
  18     user        = "root";
  19     group       = "root";
  20     destDir     = "/run/keys/";
  21     permissions = "0400"; # WARNING: not enforced when deployment.storeKeysOnMachine = true
  22   };
  23   */
  24 };
  25 }