diff options
| author | Shea Levy <shea@shealevy.com> | 2014-02-05 08:00:19 -0500 |
|---|---|---|
| committer | Shea Levy <shea@shealevy.com> | 2014-02-05 08:00:19 -0500 |
| commit | bfc682ea372d04049994d679ae1cce3fa3aeff4a (patch) | |
| tree | cf2c024f1f6f9002e5243a066369634810c35328 /nixos | |
| parent | 1e0352f80140510ac0d0fa303197fc75235049ec (diff) | |
| download | nixlib-bfc682ea372d04049994d679ae1cce3fa3aeff4a.tar nixlib-bfc682ea372d04049994d679ae1cce3fa3aeff4a.tar.gz nixlib-bfc682ea372d04049994d679ae1cce3fa3aeff4a.tar.bz2 nixlib-bfc682ea372d04049994d679ae1cce3fa3aeff4a.tar.lz nixlib-bfc682ea372d04049994d679ae1cce3fa3aeff4a.tar.xz nixlib-bfc682ea372d04049994d679ae1cce3fa3aeff4a.tar.zst nixlib-bfc682ea372d04049994d679ae1cce3fa3aeff4a.zip | |
Mount a ramfs on /run/keys for safe key storage for nixops
Signed-off-by: Shea Levy <shea@shealevy.com>
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/system/boot/stage-2-init.sh | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index 2fadd3de1f0f..e0ff258c0eec 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -131,6 +131,15 @@ if ! mountpoint -q /run; then mount -t tmpfs -o "mode=0755,size=@runSize@" none /run fi +# Create a ramfs on /run/keys to hold secrets that shouldn't +# be written to disk (generally used for nixops, harmless +# elsehwere) +if ! mountpoint -q /run/keys; then + rm -rf /run/keys + mkdir -m 0700 /run/keys + mount -t ramfs none /run/keys +fi + mkdir -m 0755 -p /run/lock |