For secrets not part of the Nix store, there is no other way in NixOS to restart a service after the secret is updated. One example is changing the password in userborn, which doesn't run as an activation script but as a systemd service.
description = "Automatically generates and configures a password for the root user."
categories = ["System"]
features = [ "inventory" ]
After the system has been installed or deployed, the following command displays the root password:
clan vars get [machine_name] root-password/root-password
See also: Vars
To regenerate the password, run:
clan vars generate --regenerate [machine_name] --generator root-password