-
-
Notifications
You must be signed in to change notification settings - Fork 68
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build01: add initial marvin-mk2 configuration #25
Conversation
build01/marvin-mk2.nix
Outdated
# FIXME | ||
environment.GH_KEY_FILE = ""; | ||
# FIXME | ||
environment.GH_APP_ID_FILE = ""; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
By the way you can use EnvironmentFile to pass secrets from a file.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's quite nice. Potentially it means that the secret could even be owned by root isn't it?
I had a quick look at the EnvironmentFile documentation but it doesn't mention what user it will use to read the file.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, nice! Thanks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Having it owned by root might be nice, but since its exposed in the environment anyways the security benefits are probably marginal.
d9ed244
to
aee6b2a
Compare
827d900
to
0d07cd7
Compare
03a1d78
to
3aef26e
Compare
7ddd0e8
to
5fdaff1
Compare
Thanks @adisbladis for all your help 🎉 |
Adding marvin-mk2, see #24.
This is a work in progress.