Merge pull request #2 from numtide/no-sudo

Procfile: avoid using sudo
main
Jörg Thalheim 2 years ago committed by GitHub
commit e2d7197f61
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,5 +1,5 @@
# run with `hivemind`` # run with `hivemind``
systemd-service: sleep 3 && sudo systemd-run --collect -u vault-nixos3.service -p LoadCredential=foo:$(pwd)/tmp/sock --wait --pipe cat '${CREDENTIALS_DIRECTORY}/foo' systemd-service: sleep 3 && systemd-run --user --collect -u vault-nixos3.service -p LoadCredential=foo:$(pwd)/tmp/sock --wait --pipe cat '${CREDENTIALS_DIRECTORY}/foo'
vault: vault server -dev -dev-root-token-id secret vault: vault server -dev -dev-root-token-id secret
vault-agent: sleep 5 && ./tests/setup-vault && sudo vault agent -config ./tests/vault-agent-example.hcl vault-agent: sleep 5 && ./tests/setup-vault && vault agent -config ./tests/vault-agent-example.hcl
systemd-vaultd: go run . -secrets tmp/secrets -sock tmp/sock systemd-vaultd: go run . -secrets tmp/secrets -sock tmp/sock
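Review bot: `$(pwd)` in the new `systemd-service` line is expanded unquoted, so a checkout path containing whitespace splits the `-p LoadCredential=...` argument and systemd-run receives a truncated socket path. Quoting the whole property avoids that: `-p "LoadCredential=foo:$(pwd)/tmp/sock"`. Separately, whether the per-user manager honours `LoadCredential=` may depend on the systemd version in use, which is not visible on this page. A short comment next to `# run with hivemind` stating that requirement would help anyone whose run breaks after sudo was dropped.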

@ -22,16 +22,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1655567057, "lastModified": 1656938529,
"narHash": "sha256-Cc5hQSMsTzOHmZnYm8OSJ5RNUp22bd5NADWLHorULWQ=", "narHash": "sha256-j9hgKLoZZVYl/06Y2GzAhovGzfiuLzV5HX4kFEl+dTU=",
"owner": "NixOS", "owner": "Mic92",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e0a42267f73ea52adc061a64650fddc59906fc99", "rev": "5f6d0be096ef78b0fd38c3211d17117457193b69",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "Mic92",
"ref": "nixos-unstable", "ref": "vault",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }

@ -4,7 +4,8 @@
inputs = { inputs = {
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
flake-parts.inputs.nixpkgs.follows = "nixpkgs"; flake-parts.inputs.nixpkgs.follows = "nixpkgs";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; # https://github.com/NixOS/nixpkgs/pull/180114
nixpkgs.url = "github:Mic92/nixpkgs/vault";
}; };
outputs = { outputs = {
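Review bot: The `nixpkgs` input now follows a branch on a personal fork (`github:Mic92/nixpkgs/vault`), and the added comment links the upstream PR without saying when the input should return to upstream. The lock file pins rev `5f6d0be096ef78b0fd38c3211d17117457193b69`, but a later `nix flake update` will take whatever that mutable branch points to at the time, including a force-push. I would extend the comment to make the pin explicitly temporary, e.g. `# TODO: switch back to github:NixOS/nixpkgs/nixos-unstable once https://github.com/NixOS/nixpkgs/pull/180114 is merged`. The `outputs` block continues outside the hunk.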

@ -20,6 +20,8 @@ in {
description = "systemd-vaultd daemon"; description = "systemd-vaultd daemon";
requires = ["systemd-vaultd.socket"]; requires = ["systemd-vaultd.socket"];
after = ["systemd-vaultd.socket"]; after = ["systemd-vaultd.socket"];
# Restarting can break services waiting for secrets
stopIfChanged = false;
serviceConfig = { serviceConfig = {
ExecStart = "${systemd-vaultd}/bin/systemd-vaultd"; ExecStart = "${systemd-vaultd}/bin/systemd-vaultd";
}; };
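Review bot: The comment above `stopIfChanged = false;` reads as if the daemon is no longer restarted on a configuration switch, but the option only changes how the restart happens. With `false`, the unit is restarted in one step in the new configuration instead of being stopped before activation and started afterwards. A comment that states this would prevent a wrong assumption about secret availability during a switch, e.g. `# Restart in a single step on switch; a stop/start around activation leaves waiting services without a daemon`. If the intent is that the daemon is never restarted by a switch, that would be `restartIfChanged = false;` instead, though the commit does not state its intent. The enclosing service definition starts outside the hunk.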
