Persist OpenBao secrets in /var/lib and make readiness non-blocking

2026-01-27 17:28:39 -06:00 · 2026-01-27 17:28:39 -06:00 · 15fccd2ff4
commit 15fccd2ff4
parent 8b54a94c54
6 changed files with 123 additions and 85 deletions
--- a/hosts/juni/flake.nix
+++ b/hosts/juni/flake.nix
@ -349,7 +349,7 @@
                          exit 0
                        fi

-                        secret="/run/secrets/atuin-key-josh"
+                        secret="/var/lib/openbao-secrets/atuin-key-josh"
                        if [ ! -s "$secret" ]; then
                          echo "Missing atuin secret at $secret" >&2
                          exit 1
--- a/hosts/juni/impermanence.nix
+++ b/hosts/juni/impermanence.nix
@ -27,7 +27,7 @@

      # bao secrets
      "/run/openbao"
-      "/run/secrets"
+      "/var/lib/openbao-secrets"
    ];
    files = [
      "/machine-key.json"