How do you manage temporary configuration with secrets?

I was cursed with a client who uses IPsec VPN (which I wholeheartedly hate). I don’t want to commit /etc/ipsec.secrets to my system flake. What is the go-to way for temporary setup? I managed to use config from my home folder with ipsec start --config but this garbage VPN keeps searching for secrets in my /etc. I’d gladly use a container if not for this faulty technology that doesn’t use typical operating system facilities like routes, but does some iptables magic instead :wink:

In your situation I’d probably just throw it into /etc, partly because my system wouldn’t preserve the file on a reboot anyways, so I wouldn’t have to worry about deleting it later. I feel like it’d be a hassle to fight software that demands it work one way tbh.


Oh wow, I feel so stupid now. I was almost certain /etc is read-only :smiley: I was doing environment.etc."ipsec.secrets" = { (...) text = ''} which is obviously cursed. Thanks!
