Merge pull request #181377 from mayflower/mxisd-secrets

nixos/mxisd: allow passing secrets
Maximilian Bosch 2022-07-18 15:10:49 +02:00 committed by GitHub
commit 179688c7c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -46,6 +46,15 @@ in {
description = "The mxisd/ma1sd package to use";
};
environmentFile = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Path to an environment-file which may contain secrets to be
substituted via <package>envsubst</package>.
'';
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/mxisd";
@ -118,7 +127,12 @@ in {
Type = "simple";
User = "mxisd";
Group = "mxisd";
ExecStart = "${cfg.package}/bin/${executable} -c ${configFile}";
EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];
ExecStart = "${cfg.package}/bin/${executable} -c ${cfg.dataDir}/mxisd-config.yaml";
ExecStartPre = "${pkgs.writeShellScript "mxisd-substitute-secrets" ''
${pkgs.envsubst}/bin/envsubst -o ${cfg.dataDir}/mxisd-config.yaml \
-i ${configFile}
''}";
WorkingDirectory = cfg.dataDir;
Restart = "on-failure";
};
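Review bot: The config rendered by the `mxisd-substitute-secrets` ExecStartPre script now contains the secrets from `environmentFile`, but nothing in this hunk restricts the mode of `${cfg.dataDir}/mxisd-config.yaml`, so the file is created under whatever umask the unit runs with. Unless `UMask` is set in the part of `serviceConfig` outside this hunk, I would make `umask 0077` the first line of the script so that only the `mxisd` user can read the result. The `environmentFile` description should also say that the file has to live outside the Nix store, because store paths are world-readable. Since the script runs even when `environmentFile` is null, any `$VAR`-style text in the generated config is then presumably substituted with an empty value, which deserves a sentence in the option description as well.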