!atvIbxHoEqNcAIxYpN:nixos.org

NixOS AWS

65 Members
17 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
28 Apr 2025
@arianvp:matrix.orgArian *

you can also build your own ami. there are instructions in https://github.com/nixos/amis

But I highly advise against building NixOS configs with secrets in them. The nix store is world-readable and not a suitable place for storing any kind of secret.

Secrets should either be avoided (by using IAM roles) or should be a runtime concern and fetched with said IAM roles from a dedicated secrets manager like SSM parameter store, AWS SecretsManager, or something like OpenBao or Vault

12:16:19
@notmycommit:notwork.indbalanRedacted or Malformed Event14:41:19
@notmycommit:notwork.indbalanYup, We do this weird route more or less for avoiding storing secrets anywhere other than the instance.15:04:12
@notmycommit:notwork.indbalanSecrets are in vault or aws depending on the layer and they get populated on first boot in the config15:04:57

Show newer messages

Back to Room ListRoom Version: 10