Why does a container failure prevent sops-nix from working? #351
Comments
This is not a sops-nix issue but rather an understanding of how
I’ve found a case which I don’t understand. I’ve got sops-nix set up and working with a minimal NixOS configuration. I do a `nixos-rebuild switch`, and the secrets are visible in `/run/secrets/` as expected.

However, I then add some oci-containers to my configuration, using podman. Another `nixos-rebuild switch`, I get podman errors due to the containers not starting, which I fully expect as they’re not fully configured yet. I try a `nixos-rebuild boot` instead, it finishes without error.

But the weird part is, when the containers fail to start, there are no secrets visible in `/run/secrets`. It’s almost like sops-nix only gets activated on `nixos-rebuild switch` and not `nixos-rebuild boot`, and the container failure is cutting the rebuild short before it gets around to letting sops-nix run.

But, given that some of the containers specify `environmentFiles` values that reference sops-nix secrets, I would expect the secrets to already be processed and available before the containers try to start…

What is going on here? When does sops-nix actually get activated? Why would a container failure cause sops-nix to not run?