forked from mirrors/nixpkgs
Mount a ramfs on /run/keys for safe key storage for nixops
Signed-off-by: Shea Levy <shea@shealevy.com>
This commit is contained in:
parent
1e0352f801
commit
bfc682ea37
|
@ -131,6 +131,15 @@ if ! mountpoint -q /run; then
|
|||
mount -t tmpfs -o "mode=0755,size=@runSize@" none /run
|
||||
fi
|
||||
|
||||
# Create a ramfs on /run/keys to hold secrets that shouldn't
|
||||
# be written to disk (generally used for nixops, harmless
|
||||
# elsehwere)
|
||||
if ! mountpoint -q /run/keys; then
|
||||
rm -rf /run/keys
|
||||
mkdir -m 0700 /run/keys
|
||||
mount -t ramfs none /run/keys
|
||||
fi
|
||||
|
||||
mkdir -m 0755 -p /run/lock
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue