README: keys group is not required anymore for a long time

Jörg Thalheim 2023-10-03 09:46:28 +02:00 committed by Jörg Thalheim
parent f5ddf92f75
commit 9de50ec9e5

@ -503,25 +503,6 @@ Consider the following nixos configuration example:
}
```
To access secrets each non-root process/service needs to be part of the keys group.
For systemd services this can be achieved as following:
```nix
{
systemd.services.some-service = {
serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];
};
}
```
For login or system users this can be done like this:
```nix
{
users.users.example-user.extraGroups = [ config.users.groups.keys.name ];
}
```
<details>
<summary>This example configures secrets for buildkite, a CI agent;
the service needs a token and a SSH private key to function.</summary>
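Review bot: Removing the paragraph that begins "To access secrets each non-root process/service needs to be part of the keys group", together with both nix snippets, leaves this place in the README with no statement of how a non-root service gets read access to a secret. A short replacement sentence pointing at the per-secret ownership setting (the buildkite example that follows sets `sops.secrets.<name>.owner`) would keep the section self-explanatory. The commit title only says the group has not been needed "for a long time"; naming the release or commit where that changed would let users on older pins who still carry `SupplementaryGroups = [ config.users.groups.keys.name ];` decide whether they can drop it.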
@ -544,10 +525,6 @@ the service needs a token and a SSH private key to function.</summary>
};
systemd.services.buildkite-agent-builder = {
serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];
};
sops.secrets.buildkite-token.owner = config.users.buildkite-agent-builder.name;
sops.secrets.buildkite-ssh-key.owner = config.users.buildkite-agent-builder.name;
}
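Review bot: With the `SupplementaryGroups` entry removed from `systemd.services.buildkite-agent-builder`, the two `sops.secrets.*.owner` lines at the end of this hunk become the only thing in the example that gives the agent access to its token and SSH key, and they read `config.users.buildkite-agent-builder.name`. The previous hunk addresses accounts as `users.users.example-user` and groups as `config.users.groups.keys.name`, so please check whether the path here should be `config.users.users.buildkite-agent-builder.name`. Since the example now depends entirely on those owner lines, a wrong attribute path there breaks it for anyone who copies it.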