We have a private binary cache. Our tokens are short lived (60m), and automatically rotated during the work day by a local service. Every morning we have to re-up the oauth session. This means the netrc value is being updated on a regular basis.
But with detsys nix the files in additionalNetrcSources are read only once when the daemon boots. This means after an hour when the token rotates, even though the file referenced in additionalNetrcSources has been updated with a new token, the nix-daemon is still using the old one.
Ideally the additionalNetrcSources files would be checked on every use just like the real/effective netrc file is.
We have a private binary cache. Our tokens are short lived (60m), and automatically rotated during the work day by a local service. Every morning we have to re-up the oauth session. This means the netrc value is being updated on a regular basis.
But with detsys nix the files in
additionalNetrcSourcesare read only once when the daemon boots. This means after an hour when the token rotates, even though the file referenced inadditionalNetrcSourceshas been updated with a new token, the nix-daemon is still using the old one.Ideally the
additionalNetrcSourcesfiles would be checked on every use just like the real/effective netrc file is.