Nextcloud: Difference between revisions
→Maintenance: options to carry over, link to ACME DNS Challenge docs |
→Secrets management: don't recommend putting secrets in environment.etc |
||
| Line 208: | Line 208: | ||
Do not suply passwords, hashes or keys via the settings option, since they will be copied into the world-readable Nix store. Instead reference a JSON file containing secrets using the <code>secretFile</code> option. | Do not suply passwords, hashes or keys via the settings option, since they will be copied into the world-readable Nix store. Instead reference a JSON file containing secrets using the <code>secretFile</code> option. | ||
< | <syntaxhighlight lang="nix"> | ||
services.nextcloud = { | services.nextcloud = { | ||
[...] | [...] | ||
secretFile = "/etc/nextcloud-secrets.json"; | secretFile = "/etc/nextcloud-secrets.json"; | ||
}; | }; | ||
</syntaxhighlight> | |||
</ | |||
Consider using a [[Comparison of secret managing schemes|secret management tool]] instead of referencing an unencrypted local secrets file. | Consider using a [[Comparison of secret managing schemes|secret management tool]] instead of referencing an unencrypted local secrets file. | ||
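Review bot: The example line `secretFile = "/etc/nextcloud-secrets.json";` gives no guidance on how that file is created or who may read it. This matters more now that, per the edit summary, the environment.etc approach is no longer recommended. Suggest adding a sentence saying the file has to be created outside the Nix configuration, so its contents never reach the world-readable Nix store, and that its permissions should restrict reading to the account the Nextcloud service runs as. A short sample of the expected JSON structure would also help. Separately, the unchanged context line above the code block reads "suply"; it could be corrected to "supply" in the same revision.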