alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

Mount a ramfs on /run/keys for safe key storage for nixops

Browse source 
Signed-off-by: Shea Levy <shea@shealevy.com>
This commit is contained in:
Shea Levy 2014-02-05 08:00:19 -05:00
parent 1e0352f801
commit bfc682ea37
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
nixos/modules/system/boot/stage-2-init.sh
View file

@ -131,6 +131,15 @@ if ! mountpoint -q /run; then
mount -t tmpfs -o "mode=0755,size=@runSize@" none /run mount -t tmpfs -o "mode=0755,size=@runSize@" none /run
fi fi
# Create a ramfs on /run/keys to hold secrets that shouldn't
# be written to disk (generally used for nixops, harmless
# elsehwere)
if ! mountpoint -q /run/keys; then
rm -rf /run/keys
mkdir -m 0700 /run/keys
mount -t ramfs none /run/keys
fi
mkdir -m 0755 -p /run/lock mkdir -m 0755 -p /run/lock