This is deprecated do not use please. If you run as root this shouldn't be required, and if you don't run as root this implies problems with existing service. I'm not familiar with this software so could you please explain some of the issues when running this software as an unprivileged user?

hi @aanderse Thanks for the review. your right about PermissionsStartOnly it got here cause i did branch out of a little older revision. My main issue when not using root is when i m deploying using nixops the unit would fail to start since it requires some keys that won't be able to be accessed using the vault user since they will be under /run/keys. I don't wanna complicate stuff with a unit that copy the keys somewhere. Also, being able to choose whether to drop privileges or not is a good thing to have so people can decide on their own.

@PsyanticY Thanks for explaining. Fortunately nixops has you covered with the user, group, and permissions options available to every key you declare.

Were there other reasons you wanted this?

@aanderse Tried setting user group and permission with nixops but to no avail since /run/key folder is owned by root

@PsyanticY Generally speaking it is better to address such problems head on instead of coming up with workarounds. I would suggest filling an issue asking for assistance with deployment keys on nixops, or starting a thread on discourse. I was using deployment keys on nixops a fair bit last year so I'm pretty sure it works. Maybe just a config issue?

@aanderse Thanks for explaining. I ll be closing this.