From ebd0618526e74ba4d6b754452708f98a45b1f100 Mon Sep 17 00:00:00 2001
From: Zhaofeng Li
Date: Mon, 14 Oct 2024 10:23:29 -0600
Subject: [PATCH] nixos: Rename credentialsFile option to environmentFile
Co-authored-by: Adam Stephens
---
 book/src/admin-guide/deployment/nixos.md | 4 ++--
 integration-tests/basic/default.nix | 2 +-
 nixos/atticd.nix | 20 ++++++++++++--------
 3 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/book/src/admin-guide/deployment/nixos.md b/book/src/admin-guide/deployment/nixos.md
index b30f7de..53ad032 100644
--- a/book/src/admin-guide/deployment/nixos.md
+++ b/book/src/admin-guide/deployment/nixos.md
@@ -41,8 +41,8 @@ You can import the module in one of two ways:
 services.atticd = {
 enable = true;
- # Replace with absolute path to your credentials file
- credentialsFile = "/etc/atticd.env";
+ # Replace with absolute path to your environment file
+ environmentFile = "/etc/atticd.env";
 settings = {
 listen = "[::]:8080";
diff --git a/integration-tests/basic/default.nix b/integration-tests/basic/default.nix
index f54b467..9b63cdc 100644
--- a/integration-tests/basic/default.nix
+++ b/integration-tests/basic/default.nix
@@ -152,7 +152,7 @@ in {
 services.atticd = {
 enable = true;
- credentialsFile = "/etc/atticd.env";
+ environmentFile = "/etc/atticd.env";
 settings = {
 listen = "[::]:8080";
diff --git a/nixos/atticd.nix b/nixos/atticd.nix
index e48e3b0..d1f13c8 100644
--- a/nixos/atticd.nix
+++ b/nixos/atticd.nix
@@ -50,7 +50,7 @@ let
 --wait \
 --collect \
 --service-type=exec \
- --property=EnvironmentFile=${cfg.credentialsFile} \
+ --property=EnvironmentFile=${cfg.environmentFile} \
 --property=DynamicUser=yes \
 --property=User=${cfg.user} \
 --property=Environment=ATTICADM_PWD=$(pwd) \
@@ -72,13 +72,17 @@ let
 config.services.postgresql.enable && lib.hasPrefix "postgresql://" url && hasLocalStrings;
 in
 {
+ imports = [
+ (lib.mkRenamedOptionModule [ "services" "atticd" "credentialsFile" ] [ "services" "atticd" "environmentFile" ])
+ ];
+
 options = {
 services.atticd = {
 enable = lib.mkEnableOption "the atticd, the Nix Binary Cache server";
 package = lib.mkPackageOption pkgs "attic-server" { };
- credentialsFile = lib.mkOption {
+ environmentFile = lib.mkOption {
 description = ''
 Path to an EnvironmentFile containing required environment variables:
@@ -162,21 +166,21 @@ in
 config = lib.mkIf cfg.enable {
 assertions = [
 {
- assertion = cfg.credentialsFile != null;
+ assertion = cfg.environmentFile != null;
 message = ''
- is not set.
+ is not set.
 Run `openssl genrsa -traditional -out private_key.pem 4096 | base64 -w0` and create a file with the following contents:
 ATTIC_SERVER_TOKEN_RS256_SECRET="output from command"
- Then, set `services.atticd.credentialsFile` to the quoted absolute path of the file.
+ Then, set `services.atticd.environmentFile` to the quoted absolute path of the file.
 '';
 }
 {
- assertion = !lib.isStorePath cfg.credentialsFile;
+ assertion = !lib.isStorePath cfg.environmentFile;
 message = ''
- points to a path in the Nix store. The Nix store is globally readable.
+ points to a path in the Nix store. The Nix store is globally readable.
 You should use a quoted absolute path to prevent this.
 '';
@@ -203,7 +207,7 @@ in
 serviceConfig = {
 ExecStart = "${cfg.package}/bin/atticd -f ${checkedConfigFile} --mode ${cfg.mode}";
- EnvironmentFile = cfg.credentialsFile;
+ EnvironmentFile = cfg.environmentFile;
 StateDirectory = "atticd"; # for usage with local storage and sqlite
 DynamicUser = true;
 User = cfg.user;
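Review bot: The visible part of the `environmentFile` description does not say that the file carries the token signing secret, and the new name no longer hints at it the way `credentialsFile` did. I would add a sentence to the description such as `The file holds ATTIC_SERVER_TOKEN_RS256_SECRET; keep it outside the Nix store and readable only by root.` The description continues past the end of this hunk, so part of this may already be covered there. The `mkRenamedOptionModule` entry itself looks fine for keeping the old name working.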
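Review bot: The second assertion still rejects only a value that is itself a store path. As far as I know, `lib.isStorePath` is true for a top-level `/nix/store/<hash>-<name>` entry and false for a file underneath one, so an environment file inside a store directory passes the check while remaining world-readable. A prefix test would cover both cases, e.g. `assertion = !lib.hasPrefix "${builtins.storeDir}/" (toString cfg.environmentFile);`. In the first message, the unchanged `openssl genrsa -traditional -out private_key.pem 4096 | base64 -w0` command also looks wrong: with `-out` the key goes to the file, so the pipe presumably receives nothing and an unencrypted `private_key.pem` is left in the working directory. Dropping `-out private_key.pem` seems to be what was meant.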