No options to set permissions on initrd secrets #391578

Open
auroraanna opened this issue Mar 20, 2025 · 1 comment
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS

Comments

@auroraanna
Contributor

The initrd NixOS module (nixos/modules/system/boot/stage-1.nix) does not expose any options to set the owner, group and permissions for secrets.

This is an issue because, e.g., it makes you unable to run initrd systemd services that need secrets and don't run under root, like systemd-networkd. It requires a private key file for a WireGuard interface, and the PrivateKey attribute is discouraged and can't be used in initrd.

@auroraanna
Contributor Author

systemd-networkd.service will also fail to run as root in initrd so that's not an option either.

@auroraanna auroraanna added the 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS label Mar 20, 2025