Hello,

nee <n...@cock.li> wrote:

> I made a package that builds the translations and installs gnu social
> into the store.

[...]

> Here is an example config: http://paste.lisp.org/display/356859

Really cool that we can set up a complex service like this with just a
few lines!

> Here are a bunch of issues I have with guixSD in general:
>
> - Setting up the database requires the sql root password, the new
> social_db_user password, and a password for the first admin user to
> create in gnu social.
> Having plaintext passwords in /etc/config.scm sounds pretty bad.
> I'm not sure what the solution here is.
> - Could we add a password store to guix? It could automatically
> generate passwords and pass them to services.
> - Should I generate a script that must be run manually and asks for
> password input through stdin?
> - Something else?

For this particular case, I would do nothing: the first time, the
service wouldn’t start (I guess). Users would have to explicitly set the
passwords on the command line, and then run “herd start gnu-social”.

> - The password of the database-user ends up in the config.php which is
> generated by mixed-text-file. This file can be read by everyone. Can I
> somehow set the owner on it and remove the reading rights from other
> users?

No, the store is world-readable. If there are secrets, they should be
stored elsewhere, but there’s currently no standard way to do that in
Guix.

Thanks for sharing, and sorry for the late reply!

Ludo’.
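The point in the reply above about keeping secrets out of the world-readable store, as an added example that is not part of the original message and not Guix's own code: the store copy of config.php carries only a placeholder, and a start-up step merges the password from a private file into a 0600 copy outside the store. The function names, the paths and the `@DB_PASSWORD@` placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All names and the @DB_PASSWORD@ placeholder are hypothetical.

# mode_of FILE: print the octal permission bits (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# render_config TEMPLATE SECRET_FILE OUTPUT
# TEMPLATE is the world-readable file as it would sit in the store; it holds
# only the placeholder. SECRET_FILE and OUTPUT live outside the store.
render_config() {
    template=$1 secret_file=$2 output=$3

    # Refuse a secret file that group or others can access.
    case $(mode_of "$secret_file") in
        *00) ;;
        *) echo "refusing: $secret_file is accessible to group/others" >&2
           return 1 ;;
    esac

    # First line of the file is the password (trailing newline optional).
    IFS= read -r secret < "$secret_file" || [ -n "$secret" ] || return 1

    (
        # umask 077 makes the output 0600 from the moment it is created,
        # so the secret is never briefly world-readable.
        umask 077
        rm -f "$output"   # do not inherit looser bits from an old file
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                *@DB_PASSWORD@*)
                    printf '%s%s%s\n' "${line%%@DB_PASSWORD@*}" \
                        "$secret" "${line#*@DB_PASSWORD@}" ;;
                *) printf '%s\n' "$line" ;;
            esac
        done < "$template" > "$output"
    )
}
```

The password is substituted verbatim, so this assumes it contains no characters that need escaping inside the PHP string.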