-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sops.template
docs with systemd DynamicUser
#412
Comments
Does systemd replace ${CREDENTIALS_DIRECTORY}/inadyn.conf in ExecStart? Didn't knew that. |
Yep -- Here are a few key snippets from the systemd docs:
Apparently this came out with v247 which released in 2020, so it's relatively recent. Note: Systemd ran into an issue loading the credential when the name of my |
Thanks for adding
sops.template
-- it really simplified getting a key into myinadyn
service.Along the way I learned that you can pass credentials into a systemd unit that runs w/
DynamicUser = true
. The key bit in the example below isLoadCredential = "inadyn.conf:${config.sops.templates."inadyn.conf".path}";
, which exposes the template to the unit at${CREDENTIALS_DIRECTORY}/inadyn.conf
.Wonder if it'd be worth updating the docs with these bits since I think it's pretty common to set the
DynamicUser
for better security? If not, figure at least having an example in this issue could be helpful to others in the future.The text was updated successfully, but these errors were encountered: