nixos: Rename credentialsFile option to environmentFile
Co-authored-by: Adam Stephens <adam@valkor.net>
parent
7ffcf2d138
commit
ebd0618526
3 changed files with 15 additions and 11 deletions
|
@ -41,8 +41,8 @@ You can import the module in one of two ways:
|
||||||
services.atticd = {
|
services.atticd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
# Replace with absolute path to your credentials file
|
# Replace with absolute path to your environment file
|
||||||
credentialsFile = "/etc/atticd.env";
|
environmentFile = "/etc/atticd.env";
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
listen = "[::]:8080";
|
listen = "[::]:8080";
|
||||||
|
|
|
@ -152,7 +152,7 @@ in {
|
||||||
|
|
||||||
services.atticd = {
|
services.atticd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
credentialsFile = "/etc/atticd.env";
|
environmentFile = "/etc/atticd.env";
|
||||||
settings = {
|
settings = {
|
||||||
listen = "[::]:8080";
|
listen = "[::]:8080";
|
||||||
|
|
||||||
|
|
|
@ -50,7 +50,7 @@ let
|
||||||
--wait \
|
--wait \
|
||||||
--collect \
|
--collect \
|
||||||
--service-type=exec \
|
--service-type=exec \
|
||||||
--property=EnvironmentFile=${cfg.credentialsFile} \
|
--property=EnvironmentFile=${cfg.environmentFile} \
|
||||||
--property=DynamicUser=yes \
|
--property=DynamicUser=yes \
|
||||||
--property=User=${cfg.user} \
|
--property=User=${cfg.user} \
|
||||||
--property=Environment=ATTICADM_PWD=$(pwd) \
|
--property=Environment=ATTICADM_PWD=$(pwd) \
|
||||||
|
@ -72,13 +72,17 @@ let
|
||||||
config.services.postgresql.enable && lib.hasPrefix "postgresql://" url && hasLocalStrings;
|
config.services.postgresql.enable && lib.hasPrefix "postgresql://" url && hasLocalStrings;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
imports = [
|
||||||
|
(lib.mkRenamedOptionModule [ "services" "atticd" "credentialsFile" ] [ "services" "atticd" "environmentFile" ])
|
||||||
|
];
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
services.atticd = {
|
services.atticd = {
|
||||||
enable = lib.mkEnableOption "the atticd, the Nix Binary Cache server";
|
enable = lib.mkEnableOption "the atticd, the Nix Binary Cache server";
|
||||||
|
|
||||||
package = lib.mkPackageOption pkgs "attic-server" { };
|
package = lib.mkPackageOption pkgs "attic-server" { };
|
||||||
|
|
||||||
credentialsFile = lib.mkOption {
|
environmentFile = lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
Path to an EnvironmentFile containing required environment
|
Path to an EnvironmentFile containing required environment
|
||||||
variables:
|
variables:
|
||||||
|
@ -162,21 +166,21 @@ in
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
assertions = [
|
assertions = [
|
||||||
{
|
{
|
||||||
assertion = cfg.credentialsFile != null;
|
assertion = cfg.environmentFile != null;
|
||||||
message = ''
|
message = ''
|
||||||
<option>services.atticd.credentialsFile</option> is not set.
|
<option>services.atticd.environmentFile</option> is not set.
|
||||||
|
|
||||||
Run `openssl genrsa -traditional -out private_key.pem 4096 | base64 -w0` and create a file with the following contents:
|
Run `openssl genrsa -traditional -out private_key.pem 4096 | base64 -w0` and create a file with the following contents:
|
||||||
|
|
||||||
ATTIC_SERVER_TOKEN_RS256_SECRET="output from command"
|
ATTIC_SERVER_TOKEN_RS256_SECRET="output from command"
|
||||||
|
|
||||||
Then, set `services.atticd.credentialsFile` to the quoted absolute path of the file.
|
Then, set `services.atticd.environmentFile` to the quoted absolute path of the file.
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
assertion = !lib.isStorePath cfg.credentialsFile;
|
assertion = !lib.isStorePath cfg.environmentFile;
|
||||||
message = ''
|
message = ''
|
||||||
<option>services.atticd.credentialsFile</option> points to a path in the Nix store. The Nix store is globally readable.
|
<option>services.atticd.environmentFile</option> points to a path in the Nix store. The Nix store is globally readable.
|
||||||
|
|
||||||
You should use a quoted absolute path to prevent this.
|
You should use a quoted absolute path to prevent this.
|
||||||
'';
|
'';
|
||||||
|
@ -203,7 +207,7 @@ in
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${cfg.package}/bin/atticd -f ${checkedConfigFile} --mode ${cfg.mode}";
|
ExecStart = "${cfg.package}/bin/atticd -f ${checkedConfigFile} --mode ${cfg.mode}";
|
||||||
EnvironmentFile = cfg.credentialsFile;
|
EnvironmentFile = cfg.environmentFile;
|
||||||
StateDirectory = "atticd"; # for usage with local storage and sqlite
|
StateDirectory = "atticd"; # for usage with local storage and sqlite
|
||||||
DynamicUser = true;
|
DynamicUser = true;
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
|
|
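Review bot: In the `@ -162,21` hunk of the module, the first assertion message still tells the operator to run `openssl genrsa -traditional -out private_key.pem 4096 | base64 -w0`; with `-out` the key is written to the file and nothing reaches the pipe, so the value pasted into `ATTIC_SERVER_TOKEN_RS256_SECRET` would be empty, and an unencrypted `private_key.pem` is left in the working directory. Since this commit already rewrites that message, I would drop `-out private_key.pem` so the instruction reads `openssl genrsa -traditional 4096 | base64 -w0`. Separately, the second assertion's `lib.isStorePath cfg.environmentFile` appears to match only a top-level store path, so a file inside a store directory (for example a path literal under a flake source tree) may pass the check; a prefix test against `builtins.storeDir` would be stricter, but confirm this against the option's declared type, which is outside the hunk. The assertions list itself continues past the end of this hunk.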